MVB FINANCIAL CORP (MVBF) Business

ITEM 1. BUSINESS

Corporate Overview

MVB Financial Corp. is a financial holding company organized in 2003 as a West Virginia corporation that operates principally through its wholly-owned subsidiary, MVB Bank, Inc. (the “Bank”). The Bank’s consolidated subsidiaries include MVB Edge Ventures, Inc. (“Edge Ventures”), Paladin Fraud, LLC ("Paladin Fraud") and MVB Insurance, LLC. Edge Ventures wholly-owns MVB Technology, LLC and Victor Technologies, Inc. ("Victor"). The Bank also owns an equity method investment in Intercoastal Mortgage Company, LLC (“ICM”) and MVB Financial Corp. owns equity method investments in Warp Speed Holdings, LLC (“Warp Speed”) and Ayers Socure II, LLC (“Ayers Socure II”). MVB Financial Corp.'s consolidated subsidiaries also include SPE PR, LLC.

As of December 31, 2024, the Bank owned an 80.8% interest in Trabian Technology, Inc. ("Trabian"). In January 2025, the Bank entered into a stock repurchase agreement with Trabian in which Trabian repurchased all the shares held by MVB. Refer to note Note 24 – Acquisitions and Divestitures.

On September 30, 2025, we executed an asset purchase agreement to sell substantially all assets and operations of Victor to Jack Henry & Associates ("Jack Henry"). We recorded a $34.2 million pre-tax gain associated with the sale of Victor that is included in gain on divestiture activity in the consolidated statement of income. Refer to Note 24 – Acquisitions and Divestitures.

Business Overview

We conduct a wide range of business activities through the Bank, primarily commercial and retail (“CoRe”) banking services, as well as Fintech banking.

CoRe Banking

We offer our customers a full range of products and services including:

Fintech Banking

We provide innovative strategies to independent banking and corporate clients throughout the United States. Our dedicated Fintech team specializes in providing banking services to corporate Fintech clients, primarily focusing on operational risk management and compliance. Managing banking relationships with clients in the payments, banking-as-a-service and gaming industries is complex, from both an operational and regulatory perspective. Due to this complexity, there are a limited number of banking institutions serving these industries, which can result in a lack of quality focus on these entities, providing us with an expanded pool of potential customers. When served safely and efficiently, we believe these industries provide a source of stable, lower-cost deposits and noninterest, fee-based income. We thoroughly analyze each industry in which our customers operate, as well as any new products or services provided, from an operational and regulatory perspective.

Professional Services

Paladin Fraud

Paladin Fraud, a wholly-owned subsidiary of the Bank, provides an extensive and customizable suite of fraud prevention services for merchants, credit agencies, Fintech companies and other vendors to help clients and partners defend against threats.

Trabian

Trabian builds digital products and web and mobile applications for forward-thinking community banks, credit unions, digital

3

banks and Fintech companies. As of December 31, 2024, the Bank owned an 80.8% interest in Trabian and consolidated 100% of Trabian within the Company's consolidated financial statements. In December 2024, the Board of Directors and Finance Committee approved a plan to sell the Bank's controlling interest in Trabian, and as such, Trabian's assets and liabilities were classified as held-for-sale on the consolidated balance sheet as December 31, 2024. In January 2025, we entered into a stock repurchase agreement with Trabian in which Trabian repurchased all the shares held by MVB. As a result of the transaction, we no longer consolidate Trabian in our financial statements. Refer to Note 24 – Acquisitions and Divestitures.

Primary Market Areas and Customers

Our primary market area for CoRe banking services encompasses North Central West Virginia and Northern Virginia, where we currently operate seven full-service branches, including six in West Virginia and one in Virginia. Overall, 26.0% of the Bank's lending activity across all loan types occurs to borrowers outside of this region, mostly loans to healthcare facilities secured by commercial real estate and working capital lines of credit, as well as loans through Small Business Administration ("SBA") lending programs to borrowers across numerous industries. The Bank also engages in both residential mortgage and mortgage construction lending in regions outside of the primary market, concentrated in the North Carolina and South Carolina markets. We consider our Fintech banking market to be customers located throughout the entire United States.

We believe that the current economic climate in our primary market areas reflect economic climates that are consistent with the general national economic climate. Unemployment in the United States was 4.1%, 3.8% and 3.5% for December 2025, 2024 and 2023, respectively.

Segment Reporting

We have identified three reportable segments: CoRe Banking, Mortgage Banking and Financial Holding Company. All other operating segments are summarized in an Other category. We determined these segments based on differences in products and services.

Our CoRe Banking segment, which includes our Fintech division, represents banking products and services offered to customers by the Bank, primarily loans and deposits accounts. Revenue from banking activities consists primarily of interest earned on loans and investment securities and service charges on deposit accounts.

Revenue from our Mortgage Banking segment is primarily comprised of our share of net income or loss from mortgage banking activities of our equity method investments in ICM and Warp Speed.

Revenue from Financial Holding Company activities is mainly comprised of intercompany service income and dividends.

The Other category consists of professional services and our Edge Venture companies. Revenue from the professional services are primarily made up of professional consulting income derived from banks and Fintech companies. Revenue from our Edge Ventures companies, including Victor, primarily consist of software services, offering account functionality and transactions to customers through web-based platforms. In September 2025, we sold substantially all assets and operations of Victor.

For more information about each of our reportable segments, refer to Note 22 – Segment Reporting accompanying the consolidated financial statements included elsewhere in this report.

Commercial Loans

At December 31, 2025, the Bank had $1.71 billion outstanding in commercial loans, including commercial and industrial, commercial real estate and construction loans. These loans represented 72.9% of the total aggregate loan portfolio as of that date.

Commercial lending entails significant additional risks compared to residential and consumer lending. In addition, the ability of a borrower to make payments on commercial loans typically depends on adequate cash flow of a business and thus may be subject to adverse conditions in the general economy or a specific industry to a greater extent than consumer loans. Loan terms include amortization schedules commensurate with the purpose of each loan, the source of repayment and the risk involved. The primary analysis technique used in determining whether to grant a commercial loan is the review of a schedule of estimated cash flows to evaluate whether anticipated future cash flows will be adequate to service both interest and principal due. In addition, the Bank reviews collateral to determine its value in relation to the loan in the event of a foreclosure.

The Bank evaluates all new commercial loans and the Bank’s credit department facilitates an annual loan review process that

4

ensures that a significant portion of the commercial loan portfolio, typically a minimum of 60%, is reviewed each year under a risk-based approach. The Bank also engages a third-party for an external loan review, which targets 35% to 40% of the commercial loan portfolio on an annual basis, also using a risk-based approach for loan selection. If deterioration in creditworthiness has occurred, the Bank takes prompt action designed to ensure repayment of the loan. Upon detection of the reduced ability of a borrower to meet original cash flow obligations, the loan is considered for possible downgrading and may be considered classified and potentially placed on non-accrual status.

Residential Mortgage Loans

At December 31, 2025, the Bank had $609.1 million of residential real estate loans, home equity lines of credit and construction mortgages outstanding, representing 26.0% of total loans outstanding.

The Bank generally requires that a residential real estate loan amount be no more than 80% of the purchase price or the appraised value of the real estate securing the loan unless the borrower obtains private mortgage insurance for the percentage exceeding 80%. Occasionally, the Bank may lend up to 100% of the appraised value of the real estate. Loans made in this lending category are generally one- to ten-year adjustable rate, fully amortizing to maturity mortgages. The Bank also originates fixed-rate real estate loans and generally sells these loans in the secondary market. Most real estate loans are secured by first mortgages with evidence of title in favor of the Bank in the form of an attorney’s opinion of the title or a title insurance policy. The Bank also requires proof of hazard insurance with the Bank named as the mortgagee and as the loss payee. The Bank obtains full appraisals from licensed appraisers for the majority of loans secured by real estate. In addition, the Bank purchases residential real estate loans from ICM, a residential mortgage lending company, and Warp Speed, a holding company whose subsidiaries are focused on residential and commercial loan origination and servicing.

Lenders generally consider residential construction financing to involve a higher risk of loss than long-term financing on improved, occupied real estate. The risk of loss on a construction loan depends largely upon the accuracy of the initial estimate of the property’s value at completion of construction and the estimated cost (including interest) of construction. If the construction cost estimate proves to be inaccurate, we may advance funds beyond the amount originally committed to permit completion of the project. With respect to construction loans, the Bank generally makes loans to the homeowner, rather than to the builder. At December 31, 2025, residential mortgage construction loans to individuals totaled $47.0 million with an average remaining life of three months. These loans are generally refinanced to a permanent loan upon completion of the construction.

Consumer Loans

At December 31, 2025, the Bank had $25.6 million of consumer loans, including installment loans and personal lines of credit, representing 1.1% of total loans outstanding. Consumer loans include installment loans used by clients to purchase automobiles, boats and recreational vehicles. Credit risk for consumer loans is similar to residential real estate loans described above as it is subject to the borrower’s continuing financial stability and the value of the collateral securing the loan.

Competition

Our business experiences significant competition in attracting depositors and borrowers. Competition in lending activities comes principally from other commercial banks, savings associations, insurance companies, governmental agencies, credit unions, brokerage firms and pension funds. The primary factors in competing for loans are interest rates, loan terms and overall lending services. Competition for deposits comes from other commercial banks, savings associations, money market funds and credit unions, as well as from insurance companies and brokerage firms. Competition for deposits also comes from other Fintech-focused banks and neobanks, which are online-only financial institutions. The primary factors in competing for deposits are interest rates paid on deposits, account liquidity, convenience of office locations, technology offerings and overall financial condition.

Fintech companies also compete with us directly and in partnership with other banks and financial services providers in lending, deposits, contactless payment cards, digital wallets and mobile payments solutions, installment or other buy now pay later methods, real-time payment systems, peer-to-peer payments, card readers and other point of sale technologies, tools that simplify merchant payments and other markets. We believe that our approach of integrating banking services with technology provides flexibility, which enables the Bank to offer an array of banking products and services. ICM and Warp Speed also face significant competition from traditional financial institutions, Fintech-focused banks, neobanks and other national and local mortgage banking operations.

We operate under a “needs-based” selling approach that management believes has proven successful in serving the financial needs

5

of most customers. It is not our strategy to compete solely based on interest rates. Management believes that focusing on customer relationships and service will promote our customers’ continued use of our financial products and services and will lead to enhanced revenue opportunities. We are also involved in innovative strategies to provide independent banking to corporate clients throughout the United States by leveraging recent investments in Fintech companies.

Human Capital Resources

As of December 31, 2025, we employed 403 team members. We seek to attract, retain and develop the most talented team members possible, regardless of location, by promoting a strong, positive culture, offering competitive compensation, maintaining a safe and healthy workplace, investing in training and education and emphasizing open communication with management.

Culture & EEO

We remain committed to maintaining and growing our culture by leveraging our purpose, values and associated behaviors. We have successfully operationalized our culture initiative by embedding these elements into our day-to-day operations. Examples of this can be found in our talent acquisition, onboarding, education and performance processes. We take time to listen to our team members, to understand areas of opportunity and to provide support that enables us to execute on our business strategy.

Our goal is to create and sustain a visible commitment to equal opportunity in employment that is recognizable to current and future team members, clients and partners. We believe leveraging differences in thoughts, experiences, backgrounds and perspectives drives team member engagement, innovation and financial success.

We established a Workplace Culture Team Member Resource Group, composed of company volunteers across the organization. We believe educating our team members about events and subjects related to diversity, equity and inclusion creates a more inclusive culture, enables leaders across the organization to develop diverse teams and fosters collaboration and innovation.

Total Rewards

To attract and retain team members, we consistently assess the labor market and seek to improve our benefit and compensation programs. We offer a competitive salary structure with short- and long-term performance incentives. We designed our total compensation programs to promote the interests of our team members and shareholders, while enabling us to attract and retain top-quality executive talent.

We aim to create a culture of wellness by educating, supporting and empowering team members and their dependents to improve and maintain their overall health and well-being through healthy lifestyle choices. We offer competitive benefits plans, wellness incentives, flexible work arrangements, parental leave and community service opportunities. We also support team members’ financial planning for the future by offering 401(k) plan matching, immediate vesting and access to retirement advisors.

Team Members Learning and Development

We remain committed to education and development for our team members. Through a well-structured new team member orientation, coupled with our cultural mindset training, we equip employees with the knowledge, confidence and growth mindset needed to seamlessly integrate into our culture. This culture includes remote work, which has created additional opportunities for virtual and online learning. In 2025, we assigned team members position-specific curricula designed to support ongoing compliance requirements and development within their individual positions. This training also included 18 custom training videos, which were assigned a combined total of approximately 1,300 times. Team members experience on-the-job training, as well as other company-organized opportunities. We held 53 internal learning events in 2025 that provided 89 total hours, or an average of 1.7 hours per week, of learning opportunities facilitated by our Learning & Development team. Additionally, we have built an up-to-date archive of On Demand learning content where team members utilized 635 hours of learning resources.

As a part of our ongoing commitment to developing strong leadership within the organization, we began implementing a comprehensive leadership development program that incorporates regular meetings, intracompany evaluations and targeted coaching calls. Together, we believe these initiatives enhance leadership effectiveness, foster a culture of continuous improvement and contribute to the long-term success of the organization.

We also offer team member education assistance and tuition reimbursement programs. The education assistance program provides support to team members wanting to acquire training outside of company-provided support of their position and/or annual certification requirements. Tracking these requests allows us to have visibility into the interests of team members. The tuition

6

reimbursement program provides support to team members who wish to further their education with accredited institutions. In 2025, 38 team members participated in education assistance, while five team members were approved for the tuition reimbursement program.

Communication, Recognition and Engagement

We believe it is important to provide our team members with open communication with management and the Board of Directors. Our internal communication structure includes various opportunities for team members to interact with our Chief Executive Officer and other members of the executive leadership team members, including periodic all-hands town hall meetings. At the meetings, our Chief Executive Officer and executive leadership team members present informational topics in sessions open to all team members. Additionally, key members of management are provided the opportunity to engage with the Board of Directors through periodic board committee meetings.

Supervision and Regulation

We are subject to extensive regulation under federal and state banking laws. Our earnings are affected by general economic conditions, management policies, changes in state and federal laws and regulations and actions of various regulatory authorities, including those referred to in this section. The following discussion describes elements of an extensive regulatory framework applicable to bank holding companies, financial holding companies, banks and their affiliates and contains specific information about us. Regulation of banks, bank holding companies, financial holding companies and their affiliates is intended primarily for the protection of depositors, the insurance fund of the FDIC and the stability of the financial system, rather than for the protection of our shareholders and creditors.

In addition to banking laws, regulations and regulatory agencies, we are subject to various other laws, regulations, supervision and examination by other regulatory agencies, all of which directly or indirectly affect the operations and management of us and the Bank and our ability to make distributions to shareholders. State and federal law govern the activities in which the Bank engages, the investments it makes, the aggregate amount of loans that may be granted to one borrower and other similar areas of the Bank's business. Various consumer and compliance laws and regulations also affect us and the Bank's operations.

The following discussion is qualified in its entirety by reference to the full text of the statutes, regulations and policies that are described herein. Such statutes, regulations and policies are continually under review by Congress and state legislatures and federal and state regulatory agencies. It is anticipated that the current administration may undertake a comprehensive review of a full range of bank regulatory laws and regulations. It is not clear that such a review will take place and, if it occurs, what the results will be. The likelihood and timing of any changes and the impact such changes may have on us or the Bank is impossible to determine with any certainty. A change in statutes, regulations or regulatory policies applicable to us and our subsidiaries could have a material effect on our business, financial condition or results of operations.

Financial Regulatory Reform

During the past several years, there has been a significant increase in regulation and regulatory oversight for United States financial services firms. The Dodd-Frank Act significantly restructured the financial regulatory regime in the United States and has had a broad impact on the financial services industry as a result of the significant regulatory and compliance changes required under the act. The Dodd-Frank Act imposed prudential regulation on depository institutions and their holding companies, which requires financial firms to control risks and hold adequate capital as defined by capital requirements and liquidity requirements and by the imposition of concentration risk limits. As such, we are subject to stringent standards and requirements with respect to: (i) bank and non-bank acquisitions and mergers; (ii) the “financial activities” in which we engage as a financial holding company; (iii) affiliate transactions; and (iv) proprietary trading and investing in private equity or hedge funds, among other provisions.

The Economic Growth, Regulatory Relief, and Consumer Protection Act (the "EGRRCPA") amended provisions of the Dodd-Frank Act and eased regulations on all but the largest banks. These modifications, among other changes, include: (i) exempting banks with less than $10 billion in assets from the ability-to-repay requirements for certain qualified residential mortgage loans held in portfolio; (ii) eliminating the requirement for appraisals for certain real estate transactions valued at less than $400,000 in rural areas; (iii) exempting banks that originate fewer than 500 open-end and 500 closed-end mortgages from the Home Mortgage Disclosure Act’s expanded data disclosures; (iv) clarifying that, subject to various conditions, reciprocal deposits of another depository institution obtained using a deposit broker through a deposit placement network for purposes of obtaining maximum deposit insurance would not be considered brokered deposits subject to the FDIC’s brokered deposit regulations; (v) raising eligibility for the 18-month exam cycle from banks with $1 billion in assets to banks with $3 billion in assets; and (vi) simplifying capital calculations by requiring regulators to establish for institutions under $10 billion in assets a community bank leverage ratio

7

(tangible equity to average consolidated assets) at a percentage not less than 8% and not greater than 10% that upon the election of a bank would replace the risk-based capital requirements otherwise applicable to such bank. In addition, the Board of Governors of the Federal Reserve System (“Federal Reserve Board”) was required to raise the asset threshold under its Small Bank Holding Company Policy Statement from $1 billion to $3 billion for bank holding companies that are exempt from consolidated capital requirements, provided that such companies meet certain other conditions, such as not engaging in significant non-banking activities.

Certain provisions of the Dodd-Frank Act and other laws, such as the EGRRCPA, are subject to further rulemaking, guidance and interpretation by the applicable federal regulators. New regulations and statutes are periodically proposed and/or adopted that contain wide-ranging proposals for altering the structures, regulations and competitive relationships of financial institutions operating and doing business in the United States. Changes in leadership at various federal banking agencies, including the Federal Reserve Board, can also change the policy direction of these agencies. There have been several significant changes in the leadership at the federal bank regulatory agencies since President Trump took office in January 2025, and more significant changes are expected in the near and medium term. It is unclear how these changes may affect the banking industry in general or how they might affect us or the Bank. Certain of these recent proposals and changes are described below. We will continue to evaluate the impact of any new regulations so promulgated or under consideration, including changes in regulatory costs and fees, modifications to consumer products or disclosures required by the Consumer Financial Protection Bureau (“CFPB”) and the requirements of the enhanced supervision provisions, among others.

From time to time, both state and federal regulators turn their attention to certain specific targeted areas of potential regulatory reform. For example, during the liquidity crisis that occurred in the spring of 2023 with respect to the regional bank sector, there was considerable discussion at the federal level regarding the potential for reform of the level and features of FDIC insurance coverage. Increased attention may occur with respect to capital levels and credit quality due to the potential disruption in the credit markets relating to loans secured by office properties, which are expected to come under increasing stress in the near and mid-term. It is unclear whether the anticipated stress described above will actually occur or the effort that it might have on us or the Bank, if any. The re-election of President Trump could also bring about a shift in the laws of state and federal banking regulatory agencies, depending upon the priorities of the Trump administration and the reactions, if any, of state regulatory agencies to the shifts in focus at the federal bank regulatory agencies. It is unclear how any such shifts might affect the banking industry generally or us or the Bank in particular.

Regulatory Agencies

We are a legal entity separate and distinct from the Bank and the Bank’s wholly-owned subsidiaries. As a financial holding company and a bank holding company, we are regulated under the Bank Holding Company Act of 1956, as amended (“BHCA”), and we and our non-bank subsidiaries are subject to inspection, examination and supervision by the Federal Reserve Board. The BHCA provides generally for “umbrella” regulation of financial holding companies such as us by the Federal Reserve Board and for functional regulation of banking activities by bank regulators, securities activities by securities regulators and insurance activities by insurance regulators. We are also under the jurisdiction of the SEC and are subject to the disclosure and regulatory requirements of the Securities Act of 1933, as amended, and the Securities Exchange Act of 1934, as amended (the “Exchange Act”), each administered by the SEC.

The Bank is a West Virginia state chartered bank. The Bank is not a member bank of the Federal Reserve System (“non-member bank”). Accordingly, the West Virginia Division of Financial Institutions and the FDIC are the primary regulators of the Bank and the Bank's subsidiaries.

Bank Holding Company Activities

In general, the BHCA limits the business of bank holding companies to banking, managing or controlling banks and other activities that the Federal Reserve Board has determined to be so closely related to banking as to be a proper incident thereto. In addition, bank holding companies that qualify and elect to be financial holding companies may engage in any activity, or acquire and retain the shares of a company engaged in any activity, that is either (i) financial in nature or incidental to such financial activity (as determined by the Federal Reserve Board in consultation with the Secretary of the Treasury) or (ii) complementary to a financial activity and does not pose a substantial risk to the safety and soundness of depository institutions or the financial system generally (as solely determined by the Federal Reserve Board). Activities that are financial in nature include securities underwriting and dealing, insurance underwriting and making merchant banking investments. Under current federal law, as a bank holding company, we have elected and qualified to become a financial holding company.

Most of the financial activities that are permissible for financial holding companies also are permissible for a bank’s “financial

8

subsidiary,” except for insurance underwriting, insurance company portfolio investments, real estate investments and development and merchant banking, which must be conducted by a financial holding company. In order for a financial subsidiary of a bank to engage in permissible financial activities, federal law requires, among other conditions, that the parent bank be well managed and have at least a satisfactory Community Reinvestment Act rating, and that the parent bank and all of its bank affiliates must be well capitalized.

To maintain financial holding company status, a financial holding company and all of its depository institution subsidiaries must be “well capitalized” and “well managed” under applicable Federal Reserve Board regulations and the depository institution subsidiaries controlled by the financial holding company must have at least a satisfactory Community Reinvestment Act rating. A depository institution subsidiary is considered to be “well capitalized” if it satisfies the requirements for this status discussed in the sections captioned Capital Requirements and Prompt Corrective Action included in this item. A depository institution subsidiary is considered “well managed” if it received a composite rating of 1 or 2 and management rating of at least “satisfactory” in its most recent examination. If a financial holding company ceases to meet these capital and management requirements, the Federal Reserve Board’s regulations provide that the financial holding company must enter into an agreement with the Federal Reserve Board to comply with all applicable capital and management requirements. Until the financial holding company returns to compliance with such requirements, the Federal Reserve Board may impose limitations or conditions on the conduct of its activities, and the financial holding company may not commence any of the broader financial activities permissible for financial holding companies or acquire a company engaged in such financial activities without prior approval of the Federal Reserve Board. If the financial holding company does not return to compliance with such requirements within 180 days, the Federal Reserve Board may require (i) divestiture of the holding company’s depository institutions or (ii) termination by the financial holding company of any activity that is not an activity that is permissible for bank holding companies under section 4(c)(8) of the BHCA. If a depository institution receives a rating of less than satisfactory under the Community Reinvestment Act, the financial holding company may not commence any additional financial activity or acquire a company engaged in financial activity, until the bank subsidiary has achieved at least a rating of satisfactory under the Community Reinvestment Act.

Refer to the section captioned Community Reinvestment Act included elsewhere in this item.

The Federal Reserve Board has the power to order any bank holding company or its subsidiaries to terminate any activity or to terminate its ownership or control of any subsidiary when the Federal Reserve Board has reasonable grounds to believe that continuation of such activity or such ownership or control constitutes a serious risk to the financial soundness, safety or stability of any bank subsidiary of the bank holding company.

As required by the EGRRCPA, in August 2018, the Federal Reserve Board issued an interim final rule that expanded applicability of the Federal Reserve Board’s Small Bank Holding Company Policy Statement. The interim final rule raised the policy statement’s asset threshold from $1 billion to $3 billion in total consolidated assets for a bank holding company or savings and loan holding company that: (i) is not engaged in significant non-banking activities; (ii) does not conduct significant off-balance sheet activities; and (iii) does not have a material amount of debt or equity securities, other than trust-preferred securities, outstanding that are registered with the SEC. The interim final rule provides that, if warranted for supervisory purposes, the Federal Reserve Board may exclude a company from the threshold increase. Management believes we meet the conditions of the Federal Reserve Board’s Small Bank Holding Company Policy Statement and are therefore excluded from consolidated capital requirements and are subject to specific debt to equity ratio requirements. To be considered well capitalized, a company subject to the Small Bank Holding Company Policy Statement must meet certain requirements, including having a debt-to-equity ratio of 1.0:1 or less. Further, qualification as a small bank holding company allows us to file more abbreviated, and less frequent, consolidated and holding company reports with the Federal Reserve. The Bank remains subject to regulatory capital requirements administered by the federal banking agencies.

Federal Securities Regulation

We are subject to the information, proxy solicitation, insider trading and other restrictions and requirements of the SEC under the Exchange Act. We are subject to the Sarbanes-Oxley Act of 2002, which imposes numerous reporting, accounting, corporate governance and business practices on companies, as well as financial and other professionals who have involvement with the United States public markets. We are generally subject to these requirements and applicable SEC rules and regulations.

9

Acquisitions

The BHCA, the Bank Merger Act, the Change in Bank Control Act (the “CIBCA”), West Virginia banking law, and other federal and state statutes regulate investments in and acquisitions of commercial banks and their parent holding companies. The BHCA requires the prior approval of the Federal Reserve Board for the direct or indirect acquisition by a bank holding company of more than 5.0% of the voting shares of a commercial bank or its parent holding company. Under the Bank Merger Act, the prior approval of the FDIC (in the case of a state chartered non-member bank) or other appropriate bank regulatory authority in other instances is required for a bank to merge with another bank or purchase substantially all of the assets or assume any deposits of another bank. Under the CIBCA, a filing with the Federal Reserve Board is required under certain circumstances if an investor acquires more than 9.9% of any class of voting securities of a state member bank or a bank holding company. In reviewing applications seeking approval of merger and acquisition transactions, the bank regulatory authorities will consider, among other things, the competitive effect and public benefits of the transactions, the capital position and managerial strength of the combined organization, the risks to the stability of the United States banking or financial system, the applicant’s performance record under the Community Reinvestment Act (refer to the section captioned Community Reinvestment Act included elsewhere in this item) and its compliance with consumer protection laws and the effectiveness of the subject organizations in combating money laundering activities and other financial crimes.

Current federal law authorizes interstate acquisitions of banks and bank holding companies without geographic limitation. Furthermore, a bank headquartered in one state is authorized to merge with a bank headquartered in another state, subject to market share limitations and any state requirement that the target bank shall have been in existence and operating for a minimum period of time. Under the Dodd-Frank Act, national and state-chartered banks may open an initial branch in a state other than its home state by establishing a de novo branch at any location in such host state at which a bank chartered in such a host state could establish a branch. Applications to establish such branches must be filed with the appropriate bank regulators.

Other Safety and Soundness Regulations

The Federal Reserve Board has enforcement powers over bank holding companies and their non-banking subsidiaries. The Federal Reserve Board has authority to prohibit activities that represent unsafe or unsound practices or constitute violations of law, rule, regulation, administrative order or written agreement with a federal regulator. These powers may be exercised through the issuance of cease and desist orders, civil money penalties or other enforcement and remedial actions.

Federal and state banking regulators also have broad enforcement powers over the Bank, including the power to impose fines and other civil and criminal penalties and to appoint a receiver in order to conserve the assets of the Bank for the benefit of depositors and other creditors. The West Virginia Commissioner of Banking also has the authority to take possession of a West Virginia state bank in certain circumstances and to appoint the FDIC as receiver, including, among other things, when it appears necessary in order to protect or preserve the assets of that bank for the benefit of depositors and other creditors.

Anti-Money Laundering and the USA PATRIOT Act

A major focus of governmental policy on financial institution regulations has been aimed at combating money laundering and terrorist financing. The USA PATRIOT Act of 2001 (the “Patriot Act”) substantially broadened the scope of United States anti-money laundering laws and regulations by imposing significant new compliance and due diligence obligations, creating new crimes and penalties and expanding the extra-territorial jurisdiction of the United States. The Patriot Act contains anti-money laundering measures affecting insured depository institutions and their affiliates, broker-dealers and certain other financial institutions. Financial institutions are prohibited from entering into specified financial transactions and account relationships and must use enhanced due diligence procedures in their dealings with certain types of high-risk customers and implement a written customer identification program. Financial institutions must take certain steps to assist government agencies in detecting and preventing money laundering and report certain types of transactions, including suspicious transactions. The Patriot Act includes the International Money Laundering Abatement and Financial Anti-Terrorism Act of 2001, which grants the Secretary of the United States Treasury broad authority to establish regulations and to impose requirements and restrictions on financial institutions’ operations. The United States Treasury has issued a number of regulations to implement the Patriot Act under this authority requiring financial institutions to maintain appropriate policies, procedures and controls to detect, prevent and report money laundering and terrorist financing. Regulatory authorities routinely examine financial institutions for compliance with these obligations, and failure of a financial institution to maintain and implement adequate programs to combat money laundering and terrorist financing, or to comply with all of the relevant laws or regulations, could have serious legal, financial and reputational consequences for the institution, including imposing substantial money penalties and causing applicable bank regulatory authorities not to approve merger or acquisition transactions when regulatory approval is required or to prohibit such transactions even if approval is not required. Regulatory authorities have imposed cease and desist orders and civil money

10

penalties against institutions found to be violating these obligations.

Office of Foreign Assets Control Regulation

The United States Treasury Department’s Office of Foreign Assets Control (“OFAC”) administers and enforces economic and trade sanctions against targeted foreign countries, regimes and individuals, under authority of various laws, including designated foreign countries, nationals and others. OFAC publishes lists of specially designated targets and countries. We are responsible for, among other things, blocking accounts of, and transactions with, such targets and countries, prohibiting unlicensed trade and financial transactions with them and reporting blocked transactions to OFAC after their occurrence. Failure to comply with these sanctions could have serious legal, financial and reputational consequences, including the imposition of financial penalties, causing applicable bank regulatory authorities not to approve merger or acquisition transactions when regulatory approval is required or to prohibit such transactions even if approval is not required.

Incentive Compensation

As part of its regular, risk-focused examination process, the Federal Reserve Board reviews the incentive compensation arrangements of banking organizations that are not “large, complex banking organizations,” such as us. These reviews are tailored to each organization based on the scope and complexity of the organization’s activities and the prevalence of incentive compensation arrangements. The findings of this supervisory initiative will be included in reports of examination. Deficiencies will be incorporated into the organization’s supervisory ratings, which can affect the organization’s ability to make acquisitions and take other actions. Enforcement actions may be taken against a banking organization if its incentive compensation arrangements, or related risk-management control or governance processes, pose a risk to the organization’s safety and soundness and the organization is not taking prompt and effective measures to correct the deficiencies.

The Federal Reserve Board, Office of the Comptroller of the Currency and FDIC have issued comprehensive final guidance on incentive compensation policies intended to ensure that the incentive compensation policies of banking organizations do not undermine the safety and soundness of such organizations by encouraging excessive risk taking. The guidance, which covers all employees that have the ability to materially affect the risk profile of an organization, either individually or as part of a group, is based upon the key principles that a banking organization’s incentive compensation arrangements should (i) provide incentives that do not encourage risk-taking beyond the organization’s ability to effectively identify and manage risks; (ii) be compatible with effective internal controls and risk management; and (iii) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors.

In October 2022, the SEC adopted a final rule implementing the incentive-based compensation recovery (“clawback”) provisions of the Dodd-Frank Act. The final rule directs national securities exchanges and associations, including NASDAQ, to require listed companies to develop and implement clawback policies to recover erroneously awarded incentive-based compensation from current or former executive officers in the event of a required accounting restatement due to material noncompliance with any financial reporting requirement under the securities laws, and to disclose their clawback policies and any actions taken under these policies. We adopted a clawback policy pursuant to the NASDAQ listing standards in October 2023.

In addition, SEC regulations require public companies, like us, to provide various disclosures about executive compensation in annual reports and proxy statements and to present to their shareholders a non-binding vote on the approval of executive compensation.

The scope and content of the United States banking regulators’ policies on incentive compensation and SEC rulemaking with respect to executive compensation are continuing to develop.

The Volcker Rule

The Volcker Rule implements section 619 of the Dodd-Frank Act and prohibits insured depository institutions and affiliated companies and foreign banks which engage in the banking business in the United States (together, “banking entities”) from engaging in proprietary trading of certain securities, derivatives and commodity futures and options on these instruments, for their own account and prohibits banking entities from investing in or sponsoring certain types of funds (“covered funds”) unless otherwise permitted by the Volcker Rule. EGRRCPA exempts from the Volcker Rule banking entities with $10 billion or less in total consolidated assets and have total trading assets and trading liabilities that are less than 5% of total consolidated assets. As of July 22, 2019, the effective date for the rulemaking implementing the EGRRCPA exemption, and December 31, 2025, we and the Bank are below these thresholds and thus exempt from the Volcker Rule.

11

Limit on Dividends

We are a legal entity separate and distinct from the Bank and the Bank’s wholly-owned subsidiaries. Our ability to obtain funds for the payment of dividends to our shareholders and for other cash requirements largely depends on the amount of dividends the Bank declares. However, the Federal Reserve Board expects us to serve as a source of financial and managerial strength to the Bank to reduce potential loss exposure to the Bank’s depositors and to the FDIC insurance fund in the event the Bank becomes insolvent or is in danger of becoming insolvent or is otherwise experiencing financial stress. Under this requirement, we are expected to commit resources to support the Bank, including at times when we may not be in a financial position to provide such resources. Any capital loans by us to the Bank would be subordinate in right of payment to depositors and to certain other indebtedness of the Bank. In the event of bankruptcy, any commitment by us to a federal bank regulatory agency to maintain the capital of the Bank will be assumed by the bankruptcy trustee and entitled to priority of payment.

Accordingly, the Federal Reserve Board may require us to retain capital for further investment in the Bank, rather than pay dividends to our shareholders. The Bank may not pay dividends to us if, after paying those dividends, the Bank would fail to meet the required minimum levels under the risk-based capital guidelines and the minimum leverage ratio requirements. The Bank must have the approval from the West Virginia Division of Financial Institutions if a dividend in any year would cause the total dividends for that year to exceed the sum of the current year’s net earnings and the retained earnings for the preceding two years, less required transfers to surplus. These provisions could limit our ability to pay dividends on our outstanding common shares.

In addition, we and the Bank are subject to other regulatory policies and requirements relating to the payment of dividends, including requirements to maintain adequate capital above regulatory minimums (refer to the Capital Requirements section below). The appropriate federal regulatory authority is authorized to determine under certain circumstances relating to the financial condition of a bank holding company or a bank that the payment of dividends would be an unsafe or unsound practice and to prohibit payment thereof. The appropriate federal regulatory authorities have stated that paying dividends that deplete a bank’s capital base to an inadequate level would be an unsafe and unsound banking practice and that banking organizations should generally pay dividends only out of current operating earnings. In addition, the Federal Reserve Board has indicated that bank holding companies should carefully review their dividend policy and has discouraged payment ratios that are at maximum allowable levels unless both asset quality and capital are very strong.

Transactions with Affiliates

Transactions with affiliates are regulated under federal banking law. The Federal Reserve Act, made applicable to the Bank by section 8(j) of the Federal Deposit Insurance Act (the “FDIA”), imposes quantitative and qualitative requirements and collateral requirements on “covered transactions” by the Bank with, or for the benefit of, certain of its affiliates and generally requires those transactions to be on arm's length terms at least as favorable to the Bank as if the transaction were conducted by the Bank with an unaffiliated third-party. Covered transactions are defined by the Federal Reserve Act to include a loan or extension of credit to an affiliate, as well as a purchase of securities issued by an affiliate, a purchase of assets (unless otherwise exempted by the Federal Reserve Board) from the affiliate, certain derivative transactions that create a credit exposure by a bank to an affiliate, the acceptance of securities issued by the affiliate as collateral for a loan and the issuance of a guarantee, acceptance or letter of credit on behalf or for the benefit of an affiliate. In general, any such transaction by the Bank or its subsidiaries with an affiliate must be limited to certain thresholds on an individual and aggregate basis and, for credit transactions with any affiliate, must be secured by designated amounts of specified collateral.

Federal law also limits a bank’s authority to extend credit to its directors, executive officers and 10% stockholders, as well as to entities controlled by such persons. Among other things, extensions of credit to insiders are required to be made on terms that are substantially the same as, and follow credit underwriting procedures that are not less stringent than, those prevailing for comparable transactions with unaffiliated persons. Also, the terms of such extensions of credit may not involve more than the normal risk of non-repayment or present other unfavorable features, may not exceed certain limitations on the amount of credit extended to such persons individually and in the aggregate and, in certain instances, may require the approval of the Bank's Board of Directors.

Capital Requirements

Federal regulations require FDIC-insured depository institutions, such as the Bank, to comply with applicable federal capital adequacy standards (the “Capital Rules”). State chartered banks, such as the Bank, are subject to similar capital requirements adopted by their state regulators, which, in our case, is the West Virginia Division of Financial Institutions.

The Capital Rules include a “Common Equity Tier 1” (“CET1”) measure, specify that Tier 1 capital consists of CET1 and

12

“Additional Tier 1 capital” instruments meeting certain requirements, define CET1 narrowly by requiring that most deductions/adjustments to regulatory capital measures be made to CET1 and not to the other components of capital, and expand the scope of the deductions/adjustments to capital as compared to existing regulations.

Under the Capital Rules, the minimum capital ratios currently effective are:

In addition to establishing the minimum regulatory capital requirements, the Capital Rules limit capital distributions and certain discretionary bonus payments to management if the institution does not hold a “capital conservation buffer” consisting of 2.5% of CET 1 capital to risk-weighted assets above the amount necessary to meet its minimum risk-based capital requirements.

The Capital Rules prescribe a standardized approach for risk weightings that expanded the risk-weighting categories from the general risk-based capital rules to a much larger and more risk-sensitive number of categories, depending on the nature of the assets, generally ranging from 0% for United States government and agency securities, to 600% for certain equity exposures, and resulting in higher risk weights for a variety of asset categories.

The optional community bank leverage ratio ("CBLR") framework, which was issued through interagency guidance, provides a simple alternative measure of capital adequacy for electing qualifying depository institutions as directed under the EGRRCPA. Under the CBLR, if a qualifying depository institution elects to use such measure, such institution (i) will be considered well capitalized if its ratio of Tier 1 capital to average total consolidated assets (i.e., leverage ratio) exceeds a 9% threshold, subject to a limited two quarter grace period, during which period the leverage ratio cannot go 100 basis points below the then applicable threshold (i.e., 9%) and (ii) will not be required to calculate and report risk-based capital ratios. The bank elected to begin using the CBLR framework for the first quarter of 2021 and intends to use this measure for the foreseeable future.

Eligibility criteria to utilize the CBLR includes the following:

●    Total assets of less than $10 billion;

●    Total trading assets plus liabilities of 5% or less of consolidated assets;

●    Total off-balance sheet exposures of 25% or less of consolidated assets;

●    Cannot be an advanced approaches banking organization; and

●    Leverage ratio greater than 9%.

We have policies and procedures in place to establish internal capital levels and to monitor and stress-test such levels on a regular basis to ensure we remain above regulatory capital requirements. The Bank's CBLR at December 31, 2025 was 11.1%.

In November 2025, the Office of the Comptroller of the Currency, the Board of Governors of the Federal Reserve System and the FDIC requested comment on a notice of proposed rulemaking that would relieve regulatory burden on certain qualifying community banks by revising the federal banking agencies' CBLR framework to lower the CBLR requirement from greater than 9% to greater than 8%. The proposal also would extend the length of the CBLR framework "grace period" from two quarters to four quarters, which allows qualifying community banks that have elected to use the CBLR framework to continue to use the CBLR framework if they cease to comply with the qualifying criteria.

Prompt Corrective Action

The FDIA requires, among other things, that the federal banking agencies take “prompt corrective action” in respect of depository institutions that do not meet minimum capital requirements. The FDIA includes the following five capital tiers: “well capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized” and “critically undercapitalized.” A depository institution’s capital tier will depend upon how its capital levels compare with various relevant capital measures and certain other factors, as established by regulation. The relevant capital measures, which reflect changes under the Capital Rules that became effective on January 1, 2015, are the total capital ratio, the CET1 capital ratio, the Tier 1 capital ratio and the leverage ratio.

A bank will be (i) “well capitalized” if the institution has a total risk-based capital ratio of 10.0% or greater, a CET1 capital ratio of 6.5% or greater, a Tier 1 risk-based capital ratio of 8.0% or greater and a leverage ratio of 5.0% or greater, and is not subject to

13

any order or written directive by any such regulatory authority to meet and maintain a specific capital level for any capital measure; (ii) “adequately capitalized” if the institution has a total risk-based capital ratio of 8.0% or greater, a CET1 capital ratio of 4.5% or greater, a Tier 1 risk-based capital ratio of 6.0% or greater and a leverage ratio of 4.0% or greater and is not “well capitalized”; (iii) “undercapitalized” if the institution has a total risk-based capital ratio that is less than 8.0%, a CET1 capital ratio less than 4.5%, a Tier 1 risk-based capital ratio of less than 6.0% or a leverage ratio of less than 4.0%; (iv) “significantly undercapitalized” if the institution has a total risk-based capital ratio of less than 6.0%, a CET1 capital ratio less than 3.0%, a Tier 1 risk-based capital ratio of less than 4.0% or a leverage ratio of less than 3.0%; and (v) “critically undercapitalized” if the institution’s tangible equity is equal to or less than 2.0% of average quarterly tangible assets. An institution may be downgraded to, or deemed to be within, a capital category that is lower than indicated by its capital ratios if it is determined to be in an unsafe or unsound condition or if it receives an unsatisfactory examination rating with respect to certain matters. A bank’s capital category is determined solely for the purpose of applying prompt corrective action regulations and the capital category may not constitute an accurate representation of the bank’s overall financial condition or prospects for other purposes.

As noted above, the EGRRCPA eliminated these risk-based capital requirements for banks with less than $10 billion in assets who elect to follow the CBLR. As of December 31, 2025, the Bank had total assets of $3.3 billion and has elected to follow the CBLR framework.

The FDIA generally prohibits a depository institution from making any capital distributions (including payment of a dividend) or paying any management fee to its parent holding company if the depository institution would thereafter be “undercapitalized.” “Undercapitalized” institutions are subject to growth limitations and are required to submit a capital restoration plan. The agencies may not accept such a plan without determining, among other things, that the plan is based on realistic assumptions and is likely to succeed in restoring the depository institution’s capital to an acceptable level. In addition, for a capital restoration plan to be acceptable, the depository institution’s parent holding company must guarantee that the institution will comply with such capital restoration plan. The bank holding company must also provide appropriate assurances of performance. The aggregate liability of the parent holding company is limited to the lesser of (i) an amount equal to 5.0% of the depository institution’s total assets at the time it became undercapitalized and (ii) the amount which is necessary (or would have been necessary) to bring the institution into compliance with all capital standards applicable with respect to such institution as of the time it fails to comply with the plan. If a depository institution fails to submit an acceptable plan, it will thereafter be treated as if it is “significantly undercapitalized” until such capital deficiency is corrected.

“Significantly undercapitalized” depository institutions may be subject to a number of requirements and restrictions, including orders to sell sufficient voting stock to become “adequately capitalized,” requirements to reduce total assets and cessation of receipt of deposits from correspondent banks. “Critically undercapitalized” institutions may be subject to the appointment of a receiver or conservator.

The appropriate federal banking agency may, under certain circumstances, reclassify a well-capitalized insured depository institution as adequately capitalized. The FDIA provides that an institution may be reclassified if the appropriate federal banking agency determines (after notice and opportunity for hearing) that the institution is in an unsafe or unsound condition or deems the institution to be engaging in one or more unsafe or unsound practices. The appropriate agency is also permitted to require an adequately capitalized or undercapitalized institution to comply with the supervisory provisions as if the institution were in the next lower category (but not treat a significantly undercapitalized institution as critically undercapitalized) based on supervisory information other than the capital levels of the institution.

In addition to the “prompt corrective action” directives, failure to meet capital guidelines may subject a banking organization to a variety of other enforcement remedies, including additional substantial restrictions on its operations and activities, termination of deposit insurance by the FDIC and, under certain conditions, the appointment of a conservator or receiver.

For further information regarding the capital ratios and leverage ratio of us and the Bank, refer to the discussion under the section captioned Capital and Stockholders’ Equity included in Item 7 – Management's Discussion and Analysis of Financial Condition and Results of Operations and Note 15 – Regulatory Capital Requirements accompanying the consolidated financial statements included elsewhere in this report.

Safety and Soundness Standards

The FDIA requires the federal bank regulatory agencies to prescribe standards, by regulations or guidelines, relating to internal controls, information systems, internal audit systems, cybersecurity, liquidity, data protection, loan documentation, credit underwriting, interest rate risk exposure, asset growth, asset quality, earnings, stock valuation and compensation, fees and benefits and such other operational and managerial standards as the agencies deem appropriate. Guidelines adopted by the federal bank

14

regulatory agencies establish general standards relating to risk management, legal and regulatory compliance, internal controls and information systems, internal audit systems, loan documentation, credit underwriting, interest rate exposure, asset growth and compensation, fees and benefits, among other subjects. In general, the guidelines require, among other things, appropriate systems and practices to identify and manage the risk and exposures specified in the guidelines. The guidelines prohibit excessive compensation as an unsafe and unsound practice and describe compensation as excessive when the amounts paid are unreasonable or disproportionate to the services performed by an executive officer, employee, director or principal stockholder.

In addition, the agencies adopted regulations that authorize, but do not require, an agency to order an institution that has been given notice by an agency that it is not satisfying any of such safety and soundness standards to submit a compliance plan. If, after being so notified, an institution fails to submit an acceptable compliance plan or fails in any material respect to implement an acceptable compliance plan, the agency must issue an order directing action to correct the deficiency and may issue an order directing other actions of the types to which an undercapitalized institution is subject under the “prompt corrective action” provisions of the FDIA. Refer to the Prompt Corrective Action section above. If an institution fails to comply with such an order, the agency may seek to enforce such order in judicial proceedings and to impose civil money penalties, cease and desist orders and other similar enforcement measures.

Deposit Insurance

The Bank’s deposits are insured by the FDIC up to the limits set forth under applicable law. The FDIC imposes a risk-based deposit premium assessment system that determines assessment rates for an insured depository institution based on an assessment rate calculator, which is based on a number of elements to measure the risk each insured depository institution poses to the FDIC insurance fund. The assessment rate is applied to total average assets, less tangible equity, as defined under the Dodd-Frank Act. The assessment rate schedule can change from time to time at the discretion of the FDIC, subject to certain limits. Under the current system, premiums are assessed quarterly. In conjunction with the Amended Restoration Plan, the FDIC Board increased deposit insurance assessment rates for all insured depository institutions, effective the first quarterly assessment period of 2023. The increased assessment rates were effective for 2024 and 2025.

Under the FDIA, the FDIC may terminate deposit insurance upon a finding that the institution has engaged in unsafe and unsound practices, is in an unsafe or unsound condition to continue operations, or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC.

Depositor Preference

The FDIA provides that, in the event of the “liquidation or other resolution” of an insured depository institution, the claims of depositors of the institution, including the claims of the FDIC as subrogee of insured depositors, and certain claims for administrative expenses of the FDIC as a receiver, will have priority over other general unsecured claims against the institution. If an insured depository institution fails, insured and uninsured depositors, along with the FDIC, will have priority in payment ahead of unsecured, non-deposit creditors, including depositors whose deposits are payable only outside of the United States and the parent bank holding company, with respect to any extensions of credit they have made to such insured depository institution.

Federal Home Loan Bank Membership

The Federal Home Loan Bank (“FHLB”) provides credit to its members in the form of advances. As a member of the FHLB of Pittsburgh, the Bank must maintain an investment in the capital stock of that FHLB in an amount equal to 0.10% of the calculated Member Asset Value (“MAV”), plus 4.0% of outstanding advances and 0.75% of outstanding letters of credit. The MAV is determined by taking line item values for various investment and loan classes and applying an FHLB haircut to each item. At December 31, 2025, the Bank held capital stock of FHLB in the amount of $2.1 million.

Federal and State Consumer Laws

We are subject to a number of federal and state consumer protection laws that extensively govern the relationships between us, the Bank and the Bank's consumer customers. These laws include the Equal Credit Opportunity Act, the Fair Credit Reporting Act, the Truth in Lending Act, the Truth in Savings Act, the Electronic Fund Transfer Act, the Expedited Funds Availability Act, the Home Mortgage Disclosure Act (“HMDA”), the Fair Housing Act, the Real Estate Settlement Procedures Act, the Fair Debt Collection Practices Act, the Service Members Civil Relief Act and these federal laws’ respective state-law counterparts, as well as state usury laws and state and federal laws regarding unfair and deceptive acts and practices. These and other federal laws, among other things, require disclosures of the cost of credit and terms of deposit accounts, provide substantive consumer rights, prohibit discrimination in credit transactions, regulate the use of credit report information, provide financial privacy protections,

15

prohibit unfair, deceptive and abusive practices, restrict our and the Bank's ability to raise interest rates in certain respects and subject us and the Bank to substantial regulatory oversight. Violations of applicable consumer protection laws can result in significant potential liability from litigation brought by customers, including actual damages, restitution and attorneys’ fees. Federal bank regulators, state attorneys general and state and local consumer protection agencies may also seek to enforce consumer protection requirements and obtain these and other remedies, including regulatory sanctions, customer rescission rights, action by the state and local attorneys general in each jurisdiction in which we operate and civil money penalties. Failure to comply with consumer protection requirements may also result in our failure to obtain any required bank regulatory approval for merger or acquisition transactions we may wish to pursue or our prohibition from engaging in such transactions even if approval is not required.

The CFPB is a federal agency responsible for implementing federal consumer protection laws. The CFPB has broad rulemaking authority for a wide range of consumer financial laws that apply to all banks, including, among other things, the authority to prohibit “unfair, deceptive or abusive” acts and practices. The Dodd-Frank Act permits states to adopt consumer protection laws and standards that are more stringent than those adopted at the federal level and, in certain circumstances, permits state attorneys general to enforce compliance with both the state and federal laws and regulations. The CFPB also has examination and enforcement authority over all banks with more than $10 billion in assets, as well as their affiliates, which authority does not apply to us or the Bank. As the Bank’s principal federal regulator, the FDIC has examination and enforcement authority over the Bank.

The CFPB has concentrated certain of its rulemaking efforts on a variety of home mortgage-related topics required under the Dodd-Frank Act, including mortgage origination disclosures, minimum underwriting standards and ability to repay, high-cost mortgage lending and servicing practices. The CFPB issued final rules changing the reporting requirements for lenders under the HMDA. The rules expand the range of transactions subject to these requirements to include most securitized residential mortgage loans and credit lines. The rules also increase the overall amount of data required to be collected and submitted, including additional data points about the loans and borrowers. The CFPB is one of the areas of bank regulation that is likely to become the subject of reform under the Trump administration. It is unclear as to the likely reach of such anticipated reform efforts, if any, will have on us or the Bank.

Financial Privacy

Federal law currently contains extensive customer privacy protection provisions, including substantial customer privacy protections provided under the Financial Services Modernization Act of 1999 (commonly known as the Gramm-Leach-Bliley Act). Under these provisions, a financial institution must provide to its customers, at the inception of the customer relationship and annually thereafter, the institution’s policies and procedures regarding the handling of customers’ nonpublic personal financial information. These provisions also provide that, except for certain limited exceptions, an institution may not provide such personal information to unaffiliated third parties unless the institution discloses to the customer that such information may be so provided and the customer is given the opportunity to opt out of such disclosure. Federal law makes it a criminal offense, except in limited circumstances, to obtain or attempt to obtain customer information of a financial nature by fraudulent or deceptive means. In December 2015, Congress amended the Gramm-Leach-Bliley Act privacy provisions to include an exception under which a financial institution is not required to provide annual privacy notices to customers if such financial institution meets certain conditions. In August 2018, the CFPB finalized a rule implementing this provision and that rule became effective September 17, 2018.

Automated Overdraft Payment Regulation

Federal regulators have adopted consumer protection regulations and guidance related to automated overdraft payment programs offered by financial institutions. Regulation E prohibits financial institutions from charging consumers fees for paying overdrafts on automated teller machine and one-time debit card transactions, unless a consumer consents, or opts in, to the overdraft service for those types of transactions. Financial institutions must also provide consumers with a notice that explains the financial institution’s overdraft services, including the fees associated with the service and the consumer’s choices. In addition, FDIC-supervised institutions must monitor overdraft payment programs for “excessive or chronic” customer use and undertake “meaningful and effective” follow-up action with customers that overdraw their accounts more than six times during a rolling 12-month period. Financial institutions must also impose daily limits on overdraft charges, review and modify check-clearing procedures, prominently distinguish account balances from available overdraft coverage amounts and ensure board and management oversight regarding overdraft payment programs.

16

Community Reinvestment Act

The Community Reinvestment Act of 1977 (“CRA”) requires depository institutions to assist in meeting the credit needs of their market areas consistent with safe and sound banking practice. Under the CRA, each depository institution is required to help meet the credit needs of its market areas by, among other things, providing credit to low- and moderate-income individuals and communities. The CRA requires the Bank’s primary federal bank regulatory agency, the FDIC, to assess the Bank’s record in meeting the credit needs of the communities served by the Bank, including low- and moderate-income neighborhoods and persons. Institutions are assigned one of four ratings: (i) “Outstanding,” (ii) “Satisfactory,” (iii) “Needs to Improve” or (iv) “Substantial Noncompliance.”

In order for a financial holding company to commence any new activity permitted by the BHCA, or to acquire any company engaged in any new activity permitted by the BHCA, each insured depository institution subsidiary of the financial holding company must have received a rating of at least “Satisfactory” in its most recent examination under the CRA. Furthermore, banking regulators take into account CRA ratings when considering a request for an approval of a proposed transaction to consolidate with or acquire the assets or assume the liabilities of an insured depository institution, or to open or relocate a branch office.

Cybersecurity

In March 2015, federal regulators issued two related statements regarding cybersecurity. One statement indicated that financial institutions should design multiple layers of security controls to establish lines of defense and to ensure that their risk management processes also address the risk posed by compromised customer credentials, including security measures to reliably authenticate customers accessing internet-based services of the financial institution. The other statement indicated that a financial institution’s management is expected to maintain sufficient business continuity planning processes to ensure the rapid recovery, resumption and maintenance of the institution’s operations after a cyberattack involving destructive malware. A financial institution is also expected to develop appropriate processes to enable recovery of data and business operations and address rebuilding network capabilities and restoring data if the institution or its critical service providers fall victim to this type of cyberattack. If we fail to observe the regulatory guidance, we could be subject to various regulatory sanctions, including financial penalties and also could be subject to potential litigation from our customers and the Bank's customers and others who are harmed by a cyberattack against us or the Bank.

In the ordinary course of business, we rely on electronic communications and information systems to conduct our operations and to store sensitive data. We employ a variety of preventative and detective tools to monitor, block and provide alerts regarding suspicious activity, as well as to report on any suspected advanced persistent threats. Notwithstanding our defensive measures, the threat from cyberattacks is continuous and severe, attacks are sophisticated and increasing in volume and attackers respond rapidly to changes in defensive measures. While to date we are not aware of having experienced a significant compromise, significant data loss or any material financial losses related to cybersecurity attacks, our systems and those of our customers and third-party service providers are under constant threat and it is possible that we could experience a significant event in the future. Risks and exposures related to cybersecurity attacks are expected to remain high for the foreseeable future due to the rapidly evolving nature and sophistication of these threats, as well as due to the expanding use of Internet banking, mobile banking and other technology-based products and services by us and our customers.

New rules promulgated by the SEC in the summer of 2023 require us, as an Exchange Act reporting company, (i) to report to the SEC on an accelerated basis (i.e., within four business days) any "cybersecurity incident" which is deemed material, unless certain exceptions apply, and (ii) to disclose our process for assessing, identifying and maintaining material cybersecurity risks and threats. Our responses to any such incidents are monitored by the Audit Committee of the Board of Directors.

For further discussion of risks related to cybersecurity, refer to Item 1C - Cybersecurity included elsewhere in this report.

Monetary Policy and Economic Conditions

The business of financial institutions is affected not only by general economic conditions, but also by the policies of various governmental regulatory agencies, including the Federal Reserve Board. The Federal Reserve Board regulates money and credit conditions and interest rates to influence general economic conditions primarily through open market operations in United States government securities, changes in the discount rate on bank borrowings and changes in the reserve requirements against depository institutions’ deposits. These policies and regulations significantly affect the overall growth and distribution of loans, investments and deposits and the interest rates charged on loans, as well as the interest rates paid on deposit accounts.

17

The monetary policies of the Federal Reserve Board have had a significant effect on the operating results of financial institutions in the past and are expected to continue to have significant effects in the future. In view of the changing conditions in the economy and the money markets, we cannot predict future changes in interest rates, credit availability or deposit levels.

Effect of Environmental Regulation

Our primary exposure to environmental risk is through our lending activities. In cases when management believes environmental risk potentially exists, we mitigate our environmental risk exposures by requiring environmental site assessments at the time of loan origination to confirm collateral quality as to commercial real estate parcels posing higher than normal potential for environmental impact, as determined by reference to present and past uses of the subject property and adjacent sites. Environmental assessments are typically required prior to any foreclosure activity involving non-residential real estate collateral. With regard to residential real estate lending, management reviews those loans with inherent environmental risk on an individual basis and makes decisions based on the dollar amount of the loan and the materiality of the specific credit. We do not currently anticipate any material effect on anticipated capital expenditures, earnings or competitive position as a result of compliance with federal, state or local environmental protection laws or regulations. The recent focus on environmental, sustainable and governance and climate change considerations in the business community and among our and the Bank's other constituents may over time affect our and the Bank's approach to evaluating and addressing environmental risk and may increase the costs associated with monitoring and mitigating those risks, although it is not clear if this recent focus will continue in the coming years.

Other Regulatory Matters

We are subject to examinations and investigations by federal and state banking regulators, as well as the SEC, various taxing authorities and various state regulators. We periodically receive requests for information from regulatory authorities in various states, including state insurance commissions and state attorneys general, securities regulators and other regulatory authorities, concerning our business and accounting practices and concerning other matters as to which we might be in possession of information which is responsive to such information requests. Such requests are considered incidental to the normal conduct of business.

Future Legislation and Regulation

From time to time, Congress may enact legislation that affects the regulation of the financial services industry and state legislatures may enact legislation affecting the regulation of financial institutions chartered by or operating in those states. Federal and state regulatory agencies also periodically propose and adopt changes to their existing regulations or change the manner in which existing regulations are applied. The substance or impact of pending or future legislation or regulation, or the application thereof, cannot be predicted, although enactment of any proposed legislation could impact the regulatory structure under which we operate and may significantly increase costs, impede the efficiency of internal business processes, require an increase in regulatory capital, require modifications to our business strategy or limit our ability to pursue business opportunities in an efficient manner. A change in statutes, regulations or regulatory policies applicable to us or any of our subsidiaries could have a material, adverse effect on our business, financial condition and results of operations.

Corporate and Available Information

We file reports with the SEC, including Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and any other filings required by the SEC. We make available through our website (http://www.mvbbanking.com), free of charge, our Annual Reports on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K and all amendments to those reports, as soon as reasonably practicable after we electronically file such material with, or furnish it to, the SEC. The information on our website is not incorporated by reference into this Annual Report on Form 10-K or in any other report or document we file with the SEC.

The SEC maintains an Internet site (http://www.sec.gov) that contains reports, proxy and information statements and other information regarding issuers that file electronically with the SEC.