NORTHERN TRUST CORP (NTRS) Business

ITEM 1 – BUSINESS

Northern Trust Corporation

Northern Trust Corporation (the “Corporation”) is a leading provider of wealth management, asset servicing, asset management and banking solutions to corporations, institutions, families and individuals. The Corporation is a financial holding company conducting business through various U.S. and non-U.S. subsidiaries, including The Northern Trust Company (Bank).

The Bank is an Illinois banking corporation headquartered in Chicago and the Corporation’s principal subsidiary. Founded in 1889, the Bank conducts its business through its U.S. operations and its various U.S. and non-U.S. branches and subsidiaries. At December 31, 2025, the Bank had consolidated assets of $176.4 billion and common bank equity capital of $11.4 billion.

The Corporation was formed as a holding company for the Bank in 1971. The Corporation has a global presence with offices in 24 U.S. states and Washington, D.C., and across 22 locations in Canada, Europe, the Middle East and the Asia-Pacific region. At December 31, 2025, the Corporation had consolidated total assets of $177.1 billion and stockholders’ equity of $13.0 billion.

The Corporation expects that the Bank will continue in the foreseeable future to be the major source of the Corporation’s consolidated assets, revenues, and net income. Except where the context otherwise requires, references to “Northern Trust,” “we,” “us,” “our,” “its,” or similar terms mean Northern Trust Corporation and its subsidiaries on a consolidated basis.

Business Overview

Northern Trust focuses on managing and servicing client assets through its two client-focused reporting segments: Asset Servicing and Wealth Management. Asset management and related services are provided to Asset Servicing and Wealth Management clients primarily by the Asset Management business. The revenue and expenses of Asset Management and certain other support functions are allocated fully to Asset Servicing and Wealth Management. Northern Trust reports certain income and expense items not allocated to Asset Servicing and Wealth Management in Other.

ASSET SERVICING

Asset Servicing (AS) is a leading global provider of asset servicing and related services to corporate and public retirement funds, foundations, endowments, fund managers, insurance companies, sovereign wealth funds, and other institutional investors around the globe. Asset servicing and related services encompass a full range of capabilities including but not limited to: custody; fund administration; investment operations outsourcing; investment management; investment risk and analytical services; employee benefit services; securities lending; foreign exchange; treasury management; brokerage services; transition management services; banking; and cash management. Client relationships are managed through the Bank and the Bank’s and the Corporation’s other subsidiaries, including support from locations in North America, Europe, the Middle East, and the Asia-Pacific region. At December 31, 2025, total Asset Servicing assets under custody/administration (AUC/A), assets under custody, and assets under management (AUM) were $17.4 trillion, $13.6 trillion, and $1.3 trillion, respectively.

WEALTH MANAGEMENT

Wealth Management (WM) focuses on high-net-worth individuals and families, business owners, executives, professionals, retirees, and established privately-held businesses in its target markets. In supporting these targeted segments, Wealth Management provides trust, investment management, custody, and philanthropic services; financial consulting; guardianship and estate administration; family business consulting; family financial education; brokerage services; and private and business banking. Wealth Management also includes Global Family Office, which provides customized services, including but not limited to: investment management; global custody; fiduciary; private banking; family office consulting; and technology solutions to meet the complex financial and reporting needs of family offices across the globe.

Wealth Management is one of the largest providers of advisory services in the United States, with AUC/A, assets under custody, and AUM of $1.3 trillion, $1.3 trillion, and $507.2 billion, respectively, at December 31, 2025. Wealth Management services are delivered by multidisciplinary teams through a network of offices in 19 U.S. states and Washington, D.C., as well as offices in London, Guernsey, Singapore, and Abu Dhabi.

ASSET MANAGEMENT

Asset Management, through the Corporation’s various subsidiaries, supports the Asset Servicing and Wealth Management reporting segments by providing a broad range of asset management and related services and other products to clients around the world. Investment solutions are delivered through separately managed accounts, bank common and collective funds, registered investment companies, exchange traded funds, non-U.S. collective investment funds, and unregistered private investment funds. Asset Management’s capabilities include active and passive equity; active and passive fixed income; cash management; multi-asset and alternative asset classes (such as private equity and hedge funds of funds); and multi-manager advisory services and products. Asset Management’s activities also include overlay services and other risk management services. Asset Management operates internationally through subsidiaries and distribution arrangements and its revenue and expense are fully allocated to Asset Servicing and Wealth Management. As discussed above, Northern Trust managed $1.8 trillion in assets as of December 31, 2025, including $1.3 trillion for Asset Servicing clients and $507.2 billion for Wealth Management clients.

Competition

Northern Trust faces a number of competitors across its businesses. Competition comes from other financial services organizations, both regulated and unregulated, whose products and services may span the markets in which Northern Trust conducts operations. Our competitors include a broad range of financial institutions and service companies, including other custodial banks, investment counseling firms, deposit-taking institutions, asset management firms, benefits consultants, trust companies, investment banking firms, insurance companies, and various financial technology companies, including software providers and data services firms. As our businesses grow and markets evolve, we may encounter increasing and new forms of competition around the world.

Northern Trust’s growth strategy is to leverage our differentiators to serve targeted client segments with specialized solutions in select geographies. Northern Trust’s differentiators are our: trusted brand, deep expertise, tailored technology, proven relationships and network and strong balance sheet. Northern Trust emphasizes the development and growth of scalable, sustainable fee-based income. Northern Trust will continue to enable its strategy through significant investments in talent and culture, technology, data, AI and operational excellence.

Economic Conditions And Government Policies

The earnings of Northern Trust are affected by numerous external influences. Chief among these are general economic conditions, both domestic and international, and actions that governments and their central banks take in managing their economies. These general conditions affect all of Northern Trust’s businesses, as well as the quality, value, and profitability of its loan and investment portfolios.

The Board of Governors of the Federal Reserve System (Federal Reserve Board) implements monetary policy through its open market operations in United States Government securities, its setting of the discount rate at which member banks may borrow from Federal Reserve Banks, and its changes in the reserve requirements for deposits. The policies adopted by the Federal Reserve Board directly affect interest rates and therefore what banks earn on their loans and investments and what they pay on their savings and time deposits and other purchased funds.

Supervision and Regulation

Northern Trust is subject to extensive regulation and supervision under state and federal laws in the United States and in each of the jurisdictions in which it does business. The descriptions below outline significant elements of selected laws and regulations applicable to Northern Trust and are qualified in their entirety by reference to the particular statutory or regulatory provisions summarized. These descriptions do not summarize all laws and regulations applicable to Northern Trust or all possible or proposed changes to such laws or regulations and are not intended to be a substitute for the related statutes or regulatory provisions.

Changes in laws or regulations applicable to Northern Trust may have a material effect on its businesses and results of operations. The scope of the laws and regulations, and the intensity of the supervision to which Northern Trust is subject have increased in recent years, initially in response to the financial crisis, and more recently in light of other factors, including the banking turmoil in early 2023, technological factors, and market changes. Regulatory enforcement and fines have also increased across the banking and financial services sector. Northern Trust expects that its business will remain subject to extensive regulation and heightened supervision.

2 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

FINANCIAL HOLDING COMPANY REGULATION

Under U.S. law, the Corporation is a bank holding company that has elected to be a financial holding company subject to the supervision, examination, and regulation of the Federal Reserve Board. A financial holding company is permitted to engage in a broader range of financial activities than a bank holding company. The Federal Reserve Board has authority to limit the activities that a financial holding company may conduct if any depository institution controlled by the financial holding company is found to no longer be “well-capitalized” or “well-managed” or has not received at least a “satisfactory” rating in its most recent Community Reinvestment Act (CRA) examination. Failure to meet one or more of these requirements may result in restrictions on the Corporation’s ability to exercise powers granted to financial holding companies, to engage in new activities, to continue current activities, or to make acquisitions. The Bank Holding Company Act also requires a bank holding company to obtain prior approval from the Federal Reserve Board before it acquires substantially all the assets of any bank, or ownership or control of more than 5% of the voting shares of any bank.

SUBSIDIARY REGULATION

The Bank is a member of the Federal Reserve System, with deposits insured by the Federal Deposit Insurance Corporation (FDIC) up to the federal deposit insurance limits, and is subject to regulation by both agencies. As an Illinois banking corporation, the Bank is also subject to Illinois state laws and regulations and to examination and supervision by the Division of Banking of the Illinois Department of Financial and Professional Regulation. The Bank is also registered as a transfer agent with the Federal Reserve Board and is registered as a swap dealer with the U.S. Commodity Futures Trading Commission (CFTC) under the Commodity Exchange Act. As a result, the Bank is subject to supervision, examination and enforcement by certain other regulatory bodies, including the CFTC and the National Futures Association (NFA). The Corporation’s nonbanking affiliates are subject to regulation by the Federal Reserve Board and, in certain circumstances, other functional regulators, as discussed in greater detail below.

ENHANCED PRUDENTIAL STANDARDS

Under the Federal Reserve Board’s tailoring rules, the Corporation is subject to the enhanced prudential standards applicable to Category II banking organizations. As a Category II banking organization, the Corporation must submit annual capital plans to the Federal Reserve Board, conduct supervisory and internal periodic stress tests to evaluate capital adequacy in adverse economic conditions, maintain enhanced risk management procedures, and comply with a liquidity risk management framework (discussed below in “Liquidity Standards”) and single counterparty credit limits, and conduct liquidity stress tests. The Corporation is not subject to all of the standards applicable to U.S. bank holding companies that are global systemically important bank holding companies (GSIBs), such as the total loss-absorbing capacity requirement, capital surcharge, enhanced supplementary leverage ratio, or additional single counterparty credit limits.

LONG-TERM DEBT AND CLEAN HOLDING COMPANY REQUIREMENTS

In 2023, the U.S. banking regulators proposed a rule that would require banking organizations with $100 billion or more in total assets to comply with Long-Term Debt requirements and clean holding company requirements similar to those that currently apply only to GSIBs. This proposal would also impose a Long-Term Debt requirement on certain categories of insured depository institutions that are not consolidated subsidiaries of U.S. GSIBs, including insured depository institutions with $100 billion or more in total assets, such as the Bank. If adopted, this proposal would require the Corporation and the Bank to each maintain a minimum outstanding eligible Long-Term Debt amount of no less than the greatest of (i) 6% of risk-weighted assets (RWA), (ii) 2.5% of total leverage exposure, and (iii) 3.5% of average total consolidated assets. The Bank would be required to issue the minimum amount of eligible Long-Term Debt to the Corporation, and the Corporation would be required to issue the minimum amount of eligible Long-Term Debt externally. In addition, if adopted as proposed, the clean holding company requirement would limit or prohibit the Corporation from entering into certain transactions that could impede its orderly resolution, including, for example, prohibiting the Corporation from entering into transactions that could spread losses to subsidiaries and third parties, as well as limiting the amount of the Corporation’s liabilities that are not eligible Long-Term Debt. The timing and form of any final rule implementing the Long-Term Debt and clean holding company requirements is uncertain.

RESOLUTION PLANNING

As required by Section 165(d) of the Dodd-Frank Wall Street Reform and Consumer Protection Act (Dodd-Frank Act), the Corporation is required to submit periodically to the Federal Reserve Board and FDIC a resolution plan for its rapid and orderly resolution in the event of material financial distress or failure. In August 2024, the Federal Reserve Board and FDIC issued final joint guidance on resolution planning requirements applicable to the Corporation under Section 165(d). The Corporation’s most recent 165(d) plan was submitted timely to the FDIC and Federal Reserve Board by October 1, 2025. The Corporation’s next 165(d) plan submission is a targeted resolution plan due July 1, 2028, with future resolution plans due every three years after that, alternating between full and targeted resolution plans, pursuant to the rule.

In addition, the Bank, as an insured depository institution, is required to submit to the FDIC periodic plans for resolution in the event of its failure. In June 2024, the FDIC adopted a final rule that would require covered insured depository institutions, such as the Bank, to submit a full resolution plan to the FDIC every three years and submit an interim supplement in each year that it is not required to submit a full resolution plan. The final rule increases the content requirements for plan submissions and introduces a new credibility standard for the FDIC’s evaluation of resolution plans, which would be enforceable against the covered insured depository institutions. In December 2025, the FDIC provided an update that it plans to propose changes to the final rule in 2026, including codifying the content requirement exemptions and frequently asked questions (FAQs) associated with the modified approach it set out in April 2025. The Bank submitted its most recent interim supplement timely by July 1, 2025. The Bank’s full resolution plan is due July 1, 2026.

Separately, the European Union Bank Recovery and Resolution Directive (BRRD) sets out the framework for the recovery and resolution of European Union (EU) credit institutions and systemically-important investment firms, including certain of the Bank’s subsidiaries and branches. The BRRD establishes a set of harmonized rules for early intervention measures, recovery and resolution planning, bail-in powers and requirements for total loss absorbing capital for EU institutions, collectively known as minimum requirements for own funds and eligible liabilities (MREL). Northern Trust Global Services SE, a Luxembourg-incorporated indirect subsidiary of the Bank, is authorized by the European Central Bank (ECB) and subject to the prudential supervision of the Luxembourg Commission de Surveillance du Secteur Financier (CSSF). As such, Northern Trust Global Services SE falls within the scope of the BRRD and its recovery and resolution planning is overseen by the CSSF and the CSSF Resolution Board.

The United Kingdom (UK) has established a special resolution regime and a resolvability assessment framework overseen by the Bank of England (as the UK resolution authority) with many similar features to the BRRD, which was substantially retained as part of UK law following the withdrawal of the UK from the EU. The special resolution regime applies to firms that are permitted to accept deposits under Part 4A of the Financial Services and Markets Act 2000. As such, the London branch of the Bank, as a UK branch of a third-country institution that accepts deposits, falls within the scope of the special resolution regime.

ORDERLY LIQUIDATION AUTHORITY

Under the Dodd-Frank Act, certain financial companies, such as the Corporation and certain of its covered subsidiaries, can be subjected to an orderly liquidation authority if in default or danger of default and their resolution under the U.S. Bankruptcy Code would have serious adverse effects on financial stability in the United States, among other requirements set by statute. If the Corporation were subject to orderly liquidation authority, the FDIC would be appointed as its receiver, which would give the FDIC considerable powers to resolve the Corporation. Absent such actions, the Corporation, as a bank holding company, would remain subject to the U.S. Bankruptcy Code.

THE VOLCKER RULE

The Volcker Rule generally prohibits banking entities, including the Bank and its affiliates, from engaging in proprietary trading, subject to certain exemptions and exclusions, such as for market-making, hedging, certain trading activities in U.S. and foreign sovereign debt, and trading activities related to liquidity management. The Volcker Rule also prohibits certain investments in, and relationships with, covered funds as defined in the Volcker Rule, such as hedge funds, private equity funds and similar funds, subject to a number of exemptions and exclusions. Northern Trust maintains an enterprise-wide compliance program to comply with the Volcker Rule.

HOLDING COMPANY AS A SOURCE OF STRENGTH

The Corporation, as a bank holding company, is required to serve as a source of financial and managerial strength to its depository institution subsidiary. Under this requirement, the Corporation could be required to commit resources to the Bank should the Bank experience financial distress.

PAYMENT OF DIVIDENDS

The Corporation may pay dividends, repurchase stock, and make other capital distributions only in accordance with the capital plan rules and capital adequacy standards of the Federal Reserve Board, including the stress capital buffer requirement, discussed further in “Capital Adequacy Requirements” below. Dividends from the Bank are a significant source of funds for the Corporation, and the Corporation’s ability to pay dividends on its common stock therefore depends in part on the ability of the Bank to pay sufficient dividends to the Corporation.

Various other federal and state laws and regulations limit the amount of dividends that may be paid by the Bank to the Corporation without regulatory consent. The Bank may not pay any dividends if it is undercapitalized, or if the payment of the dividend would cause it to become undercapitalized. In general, the amount of dividends that may be paid in a calendar year is limited to its “retained net income” (the current year’s net income combined with the retained net income of the two preceding years), or its “undivided profits” (generally, accumulated net profits that have not been paid out as dividends or transferred to surplus), whichever is less. The ability of the Bank to pay dividends to the Corporation may also be affected by the capital adequacy standards applicable to the Bank (discussed further below), which include minimum requirements and buffers.

4 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

CAPITAL PLANNING AND STRESS TESTING

The Corporation’s capital distributions are subject to the Federal Reserve Board’s capital plan rules, which require the Corporation to submit an annual capital plan to the Federal Reserve Board for review.

The major components of that oversight are the Federal Reserve Board’s Comprehensive Capital Analysis and Review (CCAR) and Dodd-Frank Act Stress Tests (DFAST). These requirements involve both company-run and supervisory-run testing of capital under various scenarios, including baseline and severely adverse scenarios provided by the appropriate banking regulator.

Under the DFAST regulations, the Corporation is required to undergo regulatory stress tests conducted by the Federal Reserve Board annually. In October 2025, the Federal Reserve proposed revisions to its supervisory stress testing framework through two related proposals designed to enhance the transparency and public accountability of its annual stress test (the Stress Testing Transparency Proposal). The first proposal solicits comments on the Federal Reserve’s stress test models, scenario design framework and an enhanced disclosure process under which the Federal Reserve would annually publish and invite public comment on stress test scenarios, models and material changes to those models. The second proposal solicits comments on the scenarios for the 2026 supervisory stress test.

The Bank also is required to conduct its own annual internal stress test (although it is permitted to combine certain reporting and disclosure of its stress test results with the results of the Corporation). Results from the Corporation’s and the Bank’s annual company-run stress tests are reported to the appropriate regulators and made publicly available. Northern Trust published the results of its most recent company-run stress tests on July 1, 2025.

CAPITAL ADEQUACY REQUIREMENTS

The Corporation, as a bank holding company, is subject to risk-based and leverage capital guidelines implemented by the Federal Reserve Board that are based on industry-standard guidelines published by the International Basel Committee on Banking Supervision (Basel Committee), known as Basel III. The Bank, as an FDIC-insured depository institution, is also required to meet risk-based and leverage capital guidelines established by regulators that are generally similar to those established by the Federal Reserve Board for bank holding companies.

Under the Basel III rules, the Corporation, with the Bank, is a “core” banking organization that is required to use the advanced approaches methodologies to calculate and disclose publicly its risk-based capital ratios. The Corporation also is subject to a capital floor that is based on the Basel III standardized approach to calculating risk-based capital ratios. The Corporation is therefore required to calculate its risk-based capital ratios under both the standardized and advanced approaches, and is subject to the more stringent of the two in the assessment of its capital adequacy.

In 2023, the U.S. banking agencies issued a proposed rule to implement the Basel III endgame agreement for large banks (Basel III Endgame Proposal). The Federal Reserve announced in September 2024 that it would publish a re-proposal of its regulations finalizing the Basel III standards. That re-proposal is expected in early 2026. The potential impacts on the Corporation and the Bank of a final rule remain uncertain until a final rule is published.

The Bank’s risk-based and leverage capital ratios at December 31, 2025, were well above the regulatory requirements established by U.S. banking regulators. The risk-based and leverage capital ratios for the Corporation and the Bank, together with the regulatory minimum ratios and the ratios required for classification as “well-capitalized,” are provided in the following chart.

TABLE 1: RISK-BASED AND LEVERAGE CAPITAL RATIOS AS OF DECEMBER 31, 2025

Advanced approaches institutions, such as the Corporation and the Bank, are subject to a minimum supplementary leverage ratio of 3.0%. Advanced approaches institutions that are insured depository institutions, such as the Bank, also must maintain at least a 3.0% supplementary leverage ratio to be considered “well-capitalized.” The Corporation is also subject to a stress capital buffer, which integrates forward-looking stress test results with non-stress capital requirements, and the Bank is also subject to a capital conservation buffer, which respectively requires the Corporation and the Bank to hold a buffer of Common Equity Tier 1 capital above the minimum risk-based capital requirements in order to avoid constraints on dividends, equity repurchases and compensation. The minimum capital buffer requirement for advanced approaches banking organizations, such as the Corporation and the Bank, is 2.5%.

A “countercyclical buffer” of 0% to 2.5% of a banking organization’s total RWA for advanced approaches banking organizations, such as the Corporation, is also a component of the capital adequacy framework. In general, the amount of the countercyclical capital buffer is a weighted average of the countercyclical capital buffer established in the various jurisdictions in which the banking organization has credit exposures. The U.S. countercyclical buffer is currently set at 0%.

In April 2025, the Federal Reserve issued a proposed rule to reduce volatility in the stress capital buffer (SCB) requirement, primarily through the averaging of the decline in a firm’s Common Equity Tier 1 capital over a two-year horizon (current and prior year). The proposal would also extend the annual effective date of each firm’s stress capital buffer requirement by one quarter, from October 1 to January 1.

The results of the 2025 DFAST, published by the Federal Reserve Board on June 27, 2025, resulted in Northern Trust’s stress capital buffer and effective Common Equity Tier 1 capital ratio minimum requirement remaining constant at 2.5% and 7.0%, respectively, for the annual capital plan cycle, which began on October 1, 2025 and continues through September 30, 2026. On February 4, 2026, the Federal Reserve notified the Corporation that because the Stress Testing Transparency Proposal remains subject to public comment, absent further action from the Federal Reserve, the Corporation’s stress capital buffer requirement will remain at 2.5% until September 30, 2027.

LIQUIDITY STANDARDS

Northern Trust is subject to the U.S. liquidity coverage ratio (LCR) requirement, which is designed to ensure that covered banking organizations, including the Corporation and the Bank, maintain an adequate level of unencumbered high-quality liquid assets equal to their expected net cash outflow for a 30-day time horizon under a prescribed regulatory liquidity stress scenario. As of December 31, 2025, the Corporation and the Bank were in compliance with applicable LCR requirements.

Northern Trust also is subject to the U.S. net stable funding ratio (NSFR) requirement, designed to promote more medium- and long-term funding of the assets and activities of banking entities over a one-year time horizon. As of December 31, 2025, the Corporation and the Bank were in compliance with applicable NSFR requirements. In addition, Northern Trust publicly discloses certain qualitative and quantitative information about its NSFR consistent with the semi-annual disclosure requirements of the Federal Reserve Board’s final rule on U.S. NSFR disclosure.

As noted above, the enhanced prudential standards impose additional liquidity requirements for large bank holding companies. The Corporation, a Category II institution under the final tailoring rule, is subject to the liquidity risk management, monthly liquidity stress testing, liquidity buffer, and daily liquidity reporting requirements.

PROMPT CORRECTIVE ACTION

Federal banking regulators are required to take “prompt corrective action” with respect to a depository institution if that institution does not meet certain capital adequacy standards, and are also authorized to take appropriate action against a parent bank holding company of an under-capitalized banking subsidiary. In certain instances, the Corporation could be required to guarantee the performance of a capital restoration plan for the Bank if it were under-capitalized.

RESTRICTIONS ON TRANSACTIONS WITH AFFILIATES

The Bank is subject to restrictions governing covered transactions between it and its affiliated entities, including the Corporation, the Bank’s affiliates, and the Corporation’s subsidiaries. These transactions must be on terms and conditions that are, or in good faith would be, offered to nonaffiliated companies (i.e., on terms not less favorable to the Bank than market terms). Further, extensions of credit must be secured fully with qualifying collateral, while all covered transactions with affiliates are limited to 10% of the Bank’s capital and surplus for transactions with a single affiliate and to 20% of the Bank’s capital and surplus for transactions with all affiliates.

6 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

SWAPS AND OTHER DERIVATIVES

Northern Trust is subject to comprehensive regulation of its derivatives businesses, including regulations that impose margin requirements, business conduct requirements, trade reporting, central clearing and mandatory trading on regulated exchanges or execution facilities for certain types of swaps and security-based swaps. CFTC and U.S. Securities and Exchange Commission (SEC) rules require registration of swap dealers and security-based swap dealers, respectively, and impose numerous obligations on such registrants, including adherence to business conduct standards for all in-scope instruments. The Bank is registered with the CFTC as a swap dealer and is subject to CFTC and NFA rules and supervision related to its swaps business. Swap dealers regulated by a prudential regulator, like the Bank, are subject to uncleared swap margin requirements and minimum capital requirements established by the prudential regulators. The Corporation has not registered and does not expect that it, or any of its affiliates, will be required to register as a security-based swap dealer with the SEC.

In addition, certain nonbanking affiliates, including Northern Trust Investments, Inc., are registered with the CFTC as commodity trading advisors and/or commodity pool operators, or are operating under certain exemptions from such registration pursuant to CFTC rules and other guidance. Commodity pool operators have certain responsibilities with respect to each pool they operate or advise.

BROKER-DEALER AND INVESTMENT ADVISER REGULATION

Northern Trust Securities, Inc. is registered as a broker-dealer with the SEC and is a member of various self-regulatory organizations, including the Financial Industry Regulatory Authority, Inc. (FINRA). Broker-dealers are subject to laws and regulations relating to all aspects of their securities business operations, including, but not limited to, sales and trading practices, securities offerings, handling of customer funds, net capital levels, recordkeeping, privacy requirements, and the conduct of directors, officers, and employees. Broker-dealers are also regulated by securities administrators in those states where they do business. Northern Trust Securities, Inc. is also registered with the Municipal Securities Rulemaking Board (MSRB) as a municipal securities dealer and subject to regulation as such.

Northern Trust Securities, Inc. and other subsidiaries of the Corporation are registered with the SEC as investment advisers and are subject to regulation by the SEC. The Corporation’s registered investment advisers in the United States are subject to the Investment Advisers Act of 1940, as amended (the Investment Advisers Act), and SEC rules and regulations thereunder, including with respect to record-keeping, operational and marketing requirements, disclosure obligations, fiduciary and other obligations and prohibitions on fraudulent activities, and other applicable state and federal laws and regulations, including anti-fraud laws. The SEC is authorized to institute proceedings and impose sanctions for violations of the Investment Advisers Act, ranging from fines and censure to termination of an investment adviser’s registration. Noncompliance with the Investment Advisers Act or other federal and state securities laws and regulations could result in investigations, sanctions, disgorgement, termination of an investment adviser’s registration, fines and/or reputational harm.

ANTI-MONEY LAUNDERING, ANTI-TERRORISM LEGISLATION, AND OFFICE OF FOREIGN ASSETS CONTROL

Certain subsidiaries of the Corporation are subject to the Bank Secrecy Act of 1970, as amended by the USA PATRIOT Act of 2001 and Anti-Money Laundering Act of 2020 and implemented in the regulations of the federal banking regulators and the Financial Crimes Enforcement Network (FinCEN), which requires banks and other financial institutions to comply with anti-money laundering (AML) and financial transparency requirements, such as conducting due diligence, verifying client and beneficial owner identification, and monitoring client transactions and detecting and reporting suspicious activities. AML laws outside the United States contain similar requirements. The Anti-Money Laundering Act of 2020 includes the Corporate Transparency Act, which requires FinCEN to issue regulations requiring reporting of and access to beneficial ownership information of legal entities and amendments to related customer due diligence requirements for financial institutions.

The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) and U.S. Department of State administer and enforce U.S. economic sanctions laws and regulations, which prohibit the Corporation and its subsidiaries from engaging in certain transactions and dealings including business in or with certain jurisdictions and parties that are the target of U.S. economic sanctions, such as organizations and countries suspected of aiding, harboring or engaging in terrorist acts or undermining the sovereignty and territorial integrity of democratic countries. If the Corporation or the Bank finds a sanctioned name or jurisdiction on any transaction, asset or account, the Corporation or the Bank may be required to reject or block such account or transaction and notify the appropriate authorities.

Failure to comply with these requirements could result in fines, penalties, lawsuits, regulatory sanctions or difficulties in obtaining approvals, restrictions on their business activities or harm to reputation. Many other countries have imposed similar laws and regulations that apply to the Corporation’s non-U.S. offices. The Corporation has established policies and procedures to comply with these laws and the related regulations.

DEPOSIT INSURANCE AND ASSESSMENTS

The Bank accepts deposits and eligible deposits have the benefit of FDIC insurance up to the standard maximum deposit insurance amount, which is currently $250,000 for each ownership right and capacity under which the eligible deposit accounts are maintained. Under the Federal Deposit Insurance Act (FDIA), insurance of deposits may be terminated by the FDIC upon a finding that the insured depository institution has engaged in unsafe and unsound practices, is in an unsafe or unsound condition, or has violated laws, regulations, or orders from a regulatory agency.

The FDIC’s Deposit Insurance Fund (DIF) is funded by assessments on FDIC-insured depository institutions. The FDIC assesses premiums based on an assessment rate and an assessment base. An insured depository institution’s assessment base considers average consolidated total assets, less the average tangible equity of the insured depository institution during the assessment period. The assessment base of custody banks is adjusted to exclude certain liquid assets from total average assets. To qualify as a custody bank, certain institutional eligibility criteria must be met. The Bank qualifies as a custody bank for this purpose. The FDIC utilizes a risk-based system to determine each institution’s assessment rate. The assessment rate schedule can change from time to time at the discretion of the FDIC, subject to certain limits.

The FDIC, as required under the FDIA, established a plan in September 2020 to restore the DIF reserve ratio to meet or exceed the statutory minimum of 1.35% within eight years. The FDIC determined that the reserve ratio exceeded the statutory minimum as of June 30, 2025. Consequently, the FDIC stopped operating under a Restoration Plan as of the third quarter of 2025. The FDIC maintained the long-term target reserve ratio for the DIF, referred to as the Designated Reserve Ratio, at 2.00% for 2025.

In 2023, the FDIC issued a final rule to implement a special assessment to recoup losses to the DIF associated with bank failures in the first half of 2023. The assessment base for the special assessment is equal to an insured depository institution’s estimated uninsured domestic office deposits reported as of December 31, 2022, adjusted to exclude the first $5 billion of uninsured domestic office deposits. The special assessment will be collected over eight quarterly assessment periods, beginning in 2024. In December 2025, the FDIC issued an interim final rule that would reduce the payment rate applied to the assessment base for the eighth and final collection quarter. Under the interim final rule, upon termination of the receiverships, the FDIC will either provide an offset to regular quarterly deposit insurance assessments for insured depository institutions subject to the special assessment if the amount collected exceeds losses or collect from insured depository institutions subject to the special assessment a one-time final shortfall special assessment if losses at the termination of the receiverships exceed the amount collected. In conjunction with the FDIC special assessment rules, Northern Trust has accrued a total of $83.4 million.

COMMUNITY REINVESTMENT ACT

The Bank is subject to the CRA. The CRA and the regulations issued thereunder are intended to encourage banks to help meet the credit needs of their service areas, including low- and moderate-income neighborhoods and persons, consistent with the safe and sound operations of the banks. For purposes of the CRA, the Bank operates under a “wholesale” designation granted by the Federal Reserve Board and fulfills its CRA obligations by making qualified investments for the purposes of community development. The Bank received an “outstanding” CRA rating from the Federal Reserve Board in its most recent CRA examination.

DATA PRIVACY AND SECURITY

Federal law establishes a minimum federal standard of financial privacy by, among other provisions, requiring financial institutions to adopt, disclose, and enforce privacy policies with respect to consumer information, setting limitations on disclosure to third parties of consumer information, setting standards for protecting client information and preventing unlawful access to such information, and requiring notice of data breaches in certain circumstances. For example, the Federal Trade Commission has the authority to regulate and enforce against unfair or deceptive acts or practices in or affecting commerce, including acts and practices with respect to data privacy and security, and the Gramm-Leach-Bliley Act regulates the confidentiality and security of customer information obtained by financial institutions and certain other types of financial services businesses.

8 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

Most U.S. states, the EU and other non-U.S. jurisdictions also have adopted their own statutes and/or regulations concerning data privacy and security and requiring notification of data breaches―for example, the General Data Protection Regulation (GDPR) in Europe and its equivalent in the UK (UK GDPR), the Personal Information Protection Law (PIPL) in China, and the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, CCPA) in the United States. Similar laws are in effect or being implemented in other jurisdictions in which we operate across the globe. The GDPR is designed to harmonize data privacy and security laws across the European Economic Area (EEA) and to protect EEA citizens’ data privacy and security. The GDPR imposes stringent operational requirements on both data controllers and data processors and has extraterritorial effect as its scope includes all data controllers and processors outside the EEA whose processing activities relate to the offering of goods or services to, or monitoring the behavior of, EEA individuals. Organizations that violate certain provisions of the GDPR could be fined up to €20 million or 4% of their annual worldwide revenue for the preceding fiscal year, whichever is greater. The Digital Omnibus Regulation Proposal published in 2025 is expected to introduce technical amendments to a large corpus of digital legislation in Europe, including the EU GDPR. The UK GDPR, which operates in conjunction with other local data privacy requirements, as reformed in 2025 through the adoption of the UK Data Use and Access Act 2025, also provides for data protection requirements equivalent to the EU GDPR.

In 2025, Northern Trust received regulatory approval in Europe to use Binding Corporate Rules as a legal mechanism supporting transfers of data from Northern Trust group entities in the EEA to other group entities outside the EEA. Northern Trust expects to launch the EU Binding Corporate Rules in 2026. The Corporation has adopted and disseminated privacy policies and communicates required information relating to financial privacy and data security in accordance with applicable law.

In the United States, the CCPA broadly defines personal information and substantially increases the rights of California residents to understand how their personal information is collected, used, and otherwise processed by commercial businesses, such as affording them the right to access and request deletion of their information and to opt out of certain sharing and sales of personal information. The CCPA includes a private right of action (permitting lawsuits to be brought by private individuals instead of the state Attorney General or other government actor for certain breaches), and contemplates civil penalties of up to $2,500 for each violation and up to $7,500 for each intentional violation.

In addition, several states have enacted, or are considering enacting, comprehensive data privacy laws similar to the CCPA. Similarly, Regulation S-P amendments introduced by the SEC create additional obligations for broker-dealers and registered investment advisers to protect customer information, including timely notification of incidents to impacted individuals. These laws apply, or will apply, in addition to laws that already exist in all 50 U.S. states that require businesses to provide notice under certain circumstances to consumers whose personal information has been disclosed as a result of a data breach. Moreover, the U.S. Congress has considered, and will likely in the future consider, various proposals for more comprehensive data privacy and security legislation, to which we may be subject if enacted.

ARTIFICIAL INTELLIGENCE

Northern Trust uses a variety of machine learning and artificial intelligence (AI) solutions to process transactional activity more efficiently and to mitigate risk. These uses currently include, among others, digitizing documents, detecting anomalous, fraudulent transactions and training services teams on operational processes.

Regulation of AI is rapidly evolving in the U.S. and worldwide as legislators and regulators are increasingly focused on these powerful emerging technologies. The technologies underlying AI and its uses are subject to a variety of laws and regulations, including intellectual property, privacy, data protection, cybersecurity, consumer protection, competition, and equal opportunity laws, and are expected to be subject to increased regulation and new laws or new applications of existing laws and regulations. Additionally, several U.S. states, including Colorado and California, have passed or are continuing to propose laws and regulations that govern various facets and uses of AI, including consequential decisions, and, in Europe, the EU’s Artificial Intelligence Act (EU AI Act) entered into force on August 1, 2024.

Northern Trust has certain processes and controls in place designed to mitigate the risks associated with the use of AI solutions, including monitoring the development and applicability of such evolving laws and regulations, and has taken, and will continue to take steps designed to comply with laws and regulations applicable to Northern Trust’s use of AI.

CONSUMER LAWS AND REGULATIONS

The Corporation’s banking subsidiaries are subject to certain federal and state laws and regulations designed to protect consumers in transactions with banks. Failure to comply with these laws and regulations could lead to substantial penalties, operating restrictions and reputational damage to the financial institution. Consumer laws and regulations are enforced by the Consumer Financial Protection Bureau (CFPB) and other federal and state regulators.

NON-U.S. REGULATION

Northern Trust is subject to the laws and regulatory authorities of the jurisdictions in which its non-U.S. branches and subsidiaries operate. For example, branches and subsidiaries conducting banking and asset servicing businesses in the UK are authorized to do so pursuant to the UK Financial Services and Markets Act 2000. They are authorized by the Prudential Regulation Authority (PRA) and/or the Financial Conduct Authority (FCA). The PRA and FCA exercise broad supervisory and disciplinary powers that include the power to revoke temporarily or permanently authorization to conduct a regulated business upon breach of the relevant regulations, impose capital requirements, suspend registered employees, and impose censures and fines on both regulated businesses and their regulated employees. Additionally, the Bank is licensed as a foreign authorized deposit-taking institution in Australia under the Banking Act (Australia) and as a wholesale bank in Singapore under the Banking Act (Singapore) and as a result is subject to the supervision of the Australian Prudential Regulation Authority and the Monetary Authority of Singapore, respectively.

Northern Trust’s European branches and subsidiaries are subject to the laws and regulatory authorities of the EU and the member states in which they are domiciled. For example, Northern Trust Global Services SE, as an EU-domiciled credit institution in Luxembourg, is subject to the prudential supervision of the ECB and the CSSF. Moreover, Northern Trust’s non-EU branches and subsidiaries conducting financial services activities in the EU may fall within the scope of the laws of the EU and, given the increasing extraterritorial effect of EU legislation, non-EU branches and subsidiaries may still fall within the scope of EU law if they transact outside of the EU with EU clients.

Since January 31, 2020, the UK has not been a member of the EU. EU legislation as it applied to the UK on December 31, 2020 is a part of UK domestic legislation, under the control of the UK’s parliament. Most UK law relevant to the Corporation and its subsidiaries is still closely aligned with the EU legislative framework in place in December 2020. However, in 2022, the UK government proposed legislation that makes significant reforms to the UK’s financial services regulations. In particular, the Financial Services and Markets Act 2023 includes measures that will, over time, revoke retained EU law relating to financial services. In addition, the UK government announced a package of post-Brexit reforms to drive growth and competitiveness in the financial services sector. The Financial Services and Markets Act 2023 along with these other reforms may directly and indirectly impact the Corporation.

The following items provide a brief description of certain key regulatory requirements in the EU and the UK relevant to the Corporation and its subsidiaries, in addition to the BRRD and GDPR and UK GDPR discussed under “Resolution Planning” and “Data Privacy and Security,” respectively, above.

EU and UK Prudential Regulatory Frameworks. The EU Capital Requirements Directive of June 26, 2013 (CRD) and the EU Capital Requirements Regulation of June 26, 2013 (CRR) set out the framework for prudential regulation of credit institutions in the EU, including, among other things, capital and liquidity requirements, leverage, and disclosure and reporting. CRR and CRD have been subject to extensive amendments relating to the leverage ratio, the net stable funding ratio, large exposures, and market and counterparty credit risk, enhancing the resiliency of EU banks to potential future economic shocks, the transition to climate neutrality and finalizing the implementation of the Basel III agreement. Since June 26, 2021, investment firms under the recast Markets in Financial Instruments Directive (MIFID) have been subject to a new prudential regime under the EU Investment Firm Directive and Investment Firm Regulation. In April 2021, the Financial Services Act came into force in the UK establishing among other things, (i) a framework for the new investment firm prudential framework to apply in the UK and (ii) the UK implementation of Basel III standards, including amendments to CRR as implemented into UK law following the withdrawal from the EU. UK and EU branches and subsidiaries of the Corporation may also be subject to local rules on outsourcing and operational resilience. In June 2024, the texts of CRR III and CRD VI, were formally published in the Official Journal of the EU. Through these legislative measures, the EU will implement the Basel III accord into EU law. These regulations affect the capital and liquidity requirements of European banking entities and restrict the provision of prescribed core banking services, including lending, the provision of guarantees and commitments, and the taking of deposits or other borrowing, by non-EU entities to EU entities, except where these services are provided through an authorized EU branch or where an exemption applies. The new regime is being phased in gradually until 2027.

Markets Regulation. MIFID (which came into force in 2018), the linked Markets in Financial Instruments Regulation (MIFIR), and the European Market Infrastructure Regulation 648/2012 (EMIR) are the primary pieces of EU legislation which regulate, among other things, trading in derivative and securities markets, transaction reporting, investor protection, clearing and risk mitigation. MIFID, MIFIR and EMIR, with applicable amendments, now form part of UK law under the legislation implemented when the UK left the EU. Reforms incorporated into the UK version of MIFIR have been made by the UK Financial Services and Markets Act 2023. The reforms impact, among other things, the share trading obligation and derivatives trading obligation.

10 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

Central Securities Depositories Regulation. On September 17, 2014, the EU Central Securities Depositories Regulation (CSDR) entered into force (subject to a number of transitional provisions). The CSDR aims principally to ensure that transactions between buyers and sellers of dematerialized securities are settled in a safe and timely manner by introducing common securities settlement standards across the EU. Key features of the CSDR include shorter settlement periods, settlement discipline measures (including mandatory cash penalties and “buy-ins” for settlement fails and settlement fails reporting) and an obligation regarding dematerialization for most securities. In the UK, the Financial Services and Markets Act 2023 grants to the Bank of England new rule-making powers in relation to central securities depositories (CSD).

Securities Financing Transactions and Reuse of Collateral Regulation. On November 25, 2015, the EU adopted a regulation on securities financing transactions and reuse of collateral (SFTR) as part of its approach to addressing shadow banking. The regulation includes provisions for enhanced transparency and reporting of securities financing transactions. The SFTR entered into force on January 12, 2016. The reporting obligations under the SFTR were phased in over several periods through January 11, 2021.

Benchmarks Regulation. On January 1, 2018, the EU Benchmarks Regulation (BMR) became applicable in all EU member states. The principal objectives of the BMR are to restore investor confidence in the accuracy, robustness and integrity of indices used as benchmarks in financial instruments and financial contracts or to measure the performance of investment funds, and the benchmark-setting process itself. The BMR aims to achieve these objectives by ensuring that benchmarks are not subject to conflicts of interest, are used appropriately, and reflect the actual market or economic reality they are intended to measure. The BMR has been incorporated into UK law following the withdrawal from the EU, with applicable amendments.

Sustainable Finance Disclosure Regulations. On December 29, 2019, the EU Sustainable Finance Disclosure Regulations (SFDR) entered into force. SFDR aims to prevent “greenwashing” (conveying a misleading or false impression a product is more environmentally favorable than it actually is) by requiring disclosure of how sustainability risks and environmental, social and governance (ESG) factors are part of the investment and business processes of asset managers. Mandatory disclosures are required to be published at product and manager levels in a variety of ways, including on websites, in pre-contractual documents (e.g., prospectuses) and in annual reports. In November 2025, the European Commission published a proposal for a regulation amending the SFDR. If implemented, the Commission’s proposal will, among other things, introduce a new approach to categorizing financial products that will replace the existing Article 6, Article 8, and Article 9 product categories. In October 2021, the UK government announced that it will launch its own consultation with stakeholders on sustainable finance disclosures rules for certain UK market participants and certain investment products. On October 25, 2022, the FCA issued a consultation paper on new measures for a UK regime on sustainability disclosure requirements and investment labels. The new measures, including an anti-greenwashing rule, product labels and product naming and marketing rules, entered into force during the course of 2024.

Taxonomy Regulation. On July 12, 2020, Regulation (EU) 2020/852 (Taxonomy Regulations) entered into force. The Taxonomy Regulations are part of the EU’s recent measures designed to encourage environmentally sustainable investment decision making and introduce a technical framework to ascertain how sustainable an economic activity is. The Taxonomy Regulations apply to financial market participants including MiFID firms, Undertakings for the Collective Investment in Transferable Securities (UCITS) management companies, and alternative investment fund managers, and will require them to make further entity, pre-contractual and periodic disclosures. The UK government previously consulted on implementing its own “green” taxonomy for guiding companies and investors on “green” investments, similar to the EU regime. However, in July 2025 the UK government announced that it decided not to proceed with a UK “green” taxonomy.

Deposit Guarantee Scheme. Eligible deposits held with EU credit institutions and certain other financial entities are subject to the recast Deposit Guarantee Schemes Directive (DGSD) implemented in 2014. It required EU member states to introduce legislation establishing at least one deposit guarantee scheme (DGS). A DGS which is established and recognized in one member state is obliged to cover the depositors (up to certain prescribed amounts) at branches of the same institution in other EU member states. In the UK, the Financial Services Compensation Scheme is the national DGS for the protection and reimbursement of depositors of failed financial institutions.

EU Money Laundering Directive. On July 9, 2018, the Fifth EU Money Laundering Directive (MLD5) entered into force. MLD5 was required to be transposed into local law by EU member states by January 10, 2020 and introduced the following key changes to the previous EU AML regime: (i) EU member states must ensure that registers of ultimate beneficial owners of companies and other legal entities are accessible to the general public; (ii) the previous AML regime was extended to additional service providers, such as electronic wallet providers, virtual currency exchange service providers, and art dealers, and further specifications regarding the scope of application of MLD5 with respect to tax advisors and estate agents were provided; (iii) the threshold for identifying holders of prepaid cards was lowered to €150; and (iv) EU member states were required to implement enhanced due diligence measures to monitor suspicious transactions involving high-risk countries more strictly. The UK government transposed MLD5 into UK law and, therefore, the UK anti-money laundering regime is currently broadly aligned with the EU. On December 7, 2022, the Council of the EU agreed its position on AML regulation through the Sixth EU Money Laundering Directive. The new rules will extend to, among other items, the entire crypto-asset sector, third-party intermediaries, persons trading in precious metals, precious stones and cultural goods. EU member states have until 2027 to transpose the Sixth EU Money Laundering Directive into national legislation.

Shareholder Rights Directive. On May 17, 2017, the recast Shareholder Rights Directive (EU) 2017/828 was published (SRD II). Member states of the EU were required to bring into force the laws, regulations and administrative provisions necessary to comply with the Directive by June 10, 2019. SRD was designed to establish requirements in relation to the exercise of shareholder rights and, recognizing that shares are often held through complex chains of intermediaries, SRD II is designed to improve mechanisms for the identification of shareholders by companies, as well as improve the transmission of information along the chain of intermediaries to facilitate the exercise of shareholder rights. Non-EU intermediaries are required to comply with the requirements if they provide services with respect to shares of companies that have their registered office in the EU. SRD II has been incorporated into UK law and remains largely aligned with the EU.

EU AI Act. The final text of the EU AI Act was published in the Official Journal of the European Union in July 2024 and entered into force in August 2024. Most of the EU AI Act’s substantive obligations will apply following a two-year implementation period, beginning in August 2026. The EU AI Act will have a significant impact on organizations that develop, deploy, or use AI systems both inside and outside the EU. Its application depends on the nature of the AI systems, the specific use case, and the role of the relevant actor (including whether the organization is acting as an AI provider or deployer). The EU AI Act adopts a risk-based regulatory framework. Certain AI systems used for specified purposes are prohibited outright. Other AI systems will be classified as high risk and subject to extensive pre- and post-market compliance obligations. The EU AI Act also contains dedicated provisions governing general-purpose AI models. AI systems posting lesser regulatory risk are generally subject only to limited transparency obligations, particularly where they interact with individuals. Administrative fines may be imposed for non-compliance and will vary based on the nature of the infringement and the size of the organization, including by reference to worldwide annual turnover.

In addition to the above, the Bank’s and the Corporation’s subsidiary banks located outside the United States are subject to regulatory capital requirements in the jurisdictions in which they operate. As of December 31, 2025, each of our non-U.S. banking subsidiaries had capital ratios above their specified minimum requirements.

Human Capital Management

Our talent is our greatest asset and a core enabler of our strategy. Empowering our employees is central to our talent vision. Northern Trust employed approximately 23,800 full-time equivalent employees as of December 31, 2025. The regional breakout of our employee base is 42% Asia-Pacific, 41% North America, and 17% Europe, Middle East, and Africa.

Our Board of Directors, including the Human Capital and Compensation Committee, oversees our human capital management strategies and practices. Northern Trust’s senior leadership provides regular human capital reporting and updates to the Board and its Committees to support this oversight.

THE EMPLOYEE EXPERIENCE

We elevate the employee experience from recruitment to retirement by investing in three core areas: professional development, rewarding performance, and strengthening workforce and operational resiliency. By fostering an environment where our employees thrive, we ensure that our workforce is fully engaged, motivated, celebrated, and equipped to drive our strategy.

To support this effort, we continue to invest in our Human Capital Management System to help streamline manual processes, enable dynamic workforce analytics, and unlock new capabilities through a central manager workspace that helps managers make informed decisions and gain deeper insights into their teams.

Our culture influences how we behave as an organization and unites us across businesses, geographies, and functions. Embedded in our culture are five behaviors to help us deliver on our strategic objectives: relentlessly client-centric, constantly managing risk, respectfully candid, intentionally inclusive, and always accountable.

12 2025 ANNUAL REPORT | NORTHERN TRUST CORPORATION

PROFESSIONAL DEVELOPMENT

From internships to executive development, our goal is to help our employees excel in their current roles and acquire new skills for future growth. Through Northern Trust University, we deliver comprehensive professional and functional training programs designed to equip our employees at every stage of their careers. Our performance management practices promote high performance across the company and are aligned to our strategy from goal setting to evaluation.

Our managers play a pivotal role in advancing Northern Trust’s strategic goals through their teams. Northern Trust is intentionally investing in manager development through a comprehensive program that addresses both enterprise and individual priorities aligned to four areas of focus: Tools and Resources, Development, Engagement, and Talent Processes. We believe managers need not only the skills to lead effectively but also the right ecosystem to succeed.

REWARDING PERFORMANCE

Recognizing and rewarding the contributions of our employees is critical to their continued success. We offer a variety of awards and recognition programs tailored to different opportunities and achievements. Our Celebrate Great platform provides real-time, peer-to-peer recognition, reinforcing everyday moments of appreciation. Our in-person celebrations, such as the Quarter Century Club, which honors our long-tenured employees, and the Chairman’s Awards, which recognize outstanding individual and team achievements further reinforce a culture of performance and appreciation.

We ensure our employees are compensated fairly by aligning their total compensation with market competitive pay for their roles, experience, and performance. Our total compensation includes base salaries, performance-linked incentive compensation, and comprehensive benefits designed to meet the needs of our employees and their families.

WORKFORCE & OPERATIONAL RESILIENCY

Our operating model is designed to reinforce the strength of our control framework, foster enterprise change management, provide robust governance and oversight, accelerate scalable growth, and leverage and develop our talent. To align with our strategy and position the Corporation for future success, new leaders are appointed from our internal talent pool as well as recruited externally to bring in new skills and expertise.

Planning for leadership resiliency is a core component of our talent strategy. We identify and develop leaders with the necessary skills to execute business strategies and have documented succession plans for leadership resiliency roles.

Our well-being programs support employees and help maintain an inclusive and resilient environment. Through these programs, we enhance employee engagement, reduce workforce risks, and build an adaptive, high-performing culture.

In 2025, over 87% of our employees participated in our annual employee engagement survey which is a crucial tool for understanding and meeting the needs of our employees and driving engagement and retention. The survey results are reviewed by the Board and discussed in leadership meetings, reflecting our dedication to continuous improvement.

Embedded in our engagement survey is an inclusion index which is a gauge to understand our employees’ sense of belonging and their ability to contribute to the success of the firm. We are committed to fostering an inclusive workplace that aligns with the Corporation’s mission, values, goals, business practices, and all applicable laws.

Available Information

Through the Corporation’s website at www.northerntrust.com, the Corporation makes available free of charge its Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and all other reports and all amendments to those reports filed or furnished pursuant to Section 13(a) or 15(d) of the Securities Exchange Act of 1934, as amended (Exchange Act), as soon as reasonably practicable after it files such material with, or furnishes such material to, the SEC. The contents of the Corporation’s website, the website of the SEC at www.SEC.gov or any other website referenced herein are not a part of this Annual Report on Form 10-K.