TRUIST FINANCIAL CORP (TFC) Business

ITEM 1. BUSINESS

Truist Financial Corporation is a purpose-driven financial services company committed to inspiring and building better lives and communities. Headquartered in Charlotte, North Carolina, Truist has leading market share in many of the high-growth markets in the U.S. and offers a wide range of products and services through its WB and CSBB operating segments, including consumer and small business banking, commercial and corporate banking, investment banking and capital markets, wealth management, payments, and specialized lending businesses. Refer to the “Segment Results” section in MD&A and “Note 21. Operating Segments” for additional information on the Company’s reportable segments.

Truist Bank, the largest subsidiary of Truist Financial Corporation, was chartered in 1872 and is the oldest bank headquartered in North Carolina. Truist Bank is one of the 10 largest commercial banks in the U.S. and provides banking and trust services for clients through its digital platform and 1,927 branches as of December 31, 2025.

Product and Services

Truist offers a wide range of banking services to individuals, businesses, and municipalities. We offer a variety of loans and lease financing to consumer and wholesale clients primarily within our geographic footprint, including commercial and industrial, commercial real estate, commercial construction, residential mortgage, home equity, indirect auto, other consumer, and credit card lending. We also provide a wide range of non-lending services to consumer and wholesale clients, including deposits, merchant services, treasury management services, trust and retirement services, comprehensive wealth advisory services, investment brokerage services, asset management, and capital markets services. For additional information about lending and non-lending products and services offered by Truist, see the “Lending Activities” section in MD&A and “Note 21. Operating Segments,” respectively.

Market Area

The following table details Truist Bank’s deposit market share and branch locations by state:

(1)Deposit market share rank excludes home office deposits.

(2)Source: www.FDIC.gov data as of June 30, 2025.

(3)As of December 31, 2025.

4 Truist Financial Corporation

Competition

The financial services industry is intensely competitive and constantly evolving. Management believes that Truist’s purpose, mission, and values, including a caring client-first approach, are a competitive advantage that strengthens the Company’s ability to provide financial products and services to businesses and individuals in its markets. Legislative, regulatory, economic, and technological changes, as well as continued consolidation within the industry, have resulted in increased competition from new and existing market participants, which is expected to continue in the future. Truist competes actively with national, regional, and local financial services providers, including banks, thrifts, credit unions, investment advisers, asset managers, securities brokers and dealers, private-equity funds, hedge funds, mortgage-banking companies, finance companies, limited-purpose banks, and financial technology companies. Nonbanking entities, including financial technology companies, have increased competition in recent years by providing financial products and services directly to customers and indirectly through partnerships. Competition is arising as well from limited-purpose banks and nonbanks involved in digital assets, stablecoins, cryptocurrencies, tokenization, and similar products, services, and technologies that enable financial services and transactions without or with less intermediation by commercial banks. The Company continues to make significant investments to develop its digital platform, including enhancements to its mobile and online applications, in an effort to compete effectively.

Many of our competitors have substantial positions nationally or in the markets in which we operate. Some also have greater scale, financial and operational resources, investment capacity, product and service offerings, and brand recognition. Our competitors may be subject to different and, in some cases, less stringent legislative, regulatory, and supervisory regimes than Truist. Certain competitors differ from us in their strategic and tactical priorities and, for example, may be willing to suffer meaningful financial losses in the pursuit of disruptive innovation and client growth or to accept more aggressive business, compliance, and other risks in the pursuit of higher returns and market valuations. Competition affects every aspect of our business, including product and service offerings, rates, pricing and fees, credit limits, and client service. Successfully competing in our markets also depends on our ability to innovate, to invest in technology and infrastructure, to execute transactions reliably and efficiently, to maintain and enhance our reputation, and to attract, retain, and motivate talented teammates, all while effectively managing risks and expenses. We expect that competition will only intensify in the future.

Purpose, Mission, and Values

Our purpose is to inspire and build better lives and communities.

Our mission is to:

•Provide clients with distinctive, secure, and successful experiences through touch and technology;

•Create an inclusive and energizing environment that empowers teammates to learn, grow, and have meaningful careers; and

•Optimize long-term value for stakeholders through safe, sound, and ethical practices.

Our values are:

•Trustworthy – we serve with integrity

•Caring – everyone and every moment matters

•One Team – together we can accomplish anything

•Success – when our clients win, we all win

•Happiness – positive energy changes lives

Truist Financial Corporation 5

Strategy

In 2025, our work centered around five core strategic priorities:

•Execute strategic growth and profitability initiatives in both WB and CSBB including:

◦In WB, capture more of the commercial middle market with an industry banking strategy, continue momentum in Investment Banking and Capital Markets, generate additional fee income from existing clients in Wealth, and deepen and grow existing client relationships in Wholesale Payments.

◦In CSBB, grow deposits with a focus on Premier clients, increase client acquisition, deepen client relationships, and drive digital acquisition and client engagement.

•Drive positive operating leverage through revenue growth and expense discipline.

•Invest in talent, technology, and our risk infrastructure.

•Maintain our credit and risk discipline.

•Return capital to shareholders through our common stock dividend and share repurchases.

Looking ahead, our strategic priorities remain unchanged. By successfully executing on them, we seek to accelerate revenue growth, drive greater positive operating leverage, and return more capital to shareholders, all while maintaining our risk discipline. These outcomes are central to driving improved profitability.

Challenges and unforeseen events could have an adverse impact on Truist’s financial condition, results of operations, and strategy. Refer to the sections titled “Forward-Looking Statements and Other Terms” and “Item 1A. Risk Factors” for examples of such challenges and events.

Regulatory and Supervisory Considerations

We are subject to an extensive regulatory framework that affects the products and services that we may offer and the manner in which we may offer them, the risks that we may take, the ways in which we may operate, and the corporate and financial actions that we may take, including our ability to make distributions to shareholders. Bank regulation and supervision are intended primarily for the protection of depositors and other customers, the DIF, and the role and stability of the U.S. financial system, rather than for the protection of shareholders and non-deposit creditors.

We are supervised by federal and state governmental agencies that conduct comprehensive examinations of our activities. These agencies have broad authority to enforce many of the statutes, regulations, and other laws that apply to us. If one or more of our supervisors determine that we have failed to comply with applicable law, comport with safe and sound practices, or meet supervisory expectations, they may take formal or informal enforcement actions against us or assign supervisory ratings to us that could restrict or otherwise impact our businesses or operations. In addition, we are subject to the rules and oversight of the self-regulatory organizations to which we belong.

This section describes elements of the regulatory framework that applies to us. These descriptions, however, are qualified in their entirety by the full text and judicial or administrative interpretations of applicable laws and may not cover possible or proposed changes to applicable laws. Portions of these laws may be subject to ongoing or future litigation or administrative actions that may affect their scope or interpretation and their applicability to or impact on Truist.

General

Truist Financial Corporation, a BHC that has elected to be an FHC, is subject to the BHCA and consolidated regulation and supervision by the FRB.

Truist Bank, a North Carolina state-chartered commercial bank that is not a member of the Federal Reserve System, is subject to regulation and supervision by the NCCOB and the FDIC. Truist Bank and its affiliates are also subject to regulation and supervision by the CFPB in relation to certain federal consumer financial protection laws.

Truist and certain of its subsidiaries are subject to federal and state laws governing derivatives transactions, securities underwriting, market making, brokerage, and investment advisory activities and are regulated and supervised by the SEC, the CFTC, FINRA, the MSRB, and the NFA.

Supervisory examination topics include earnings, liquidity, sensitivity to market risk, regulatory capital, asset quality, risk management, compliance, internal controls, information technology, and management and board effectiveness. Following examinations, Truist and Truist Bank are assigned supervisory ratings. These ratings together with examination reports and findings, which are considered confidential supervisory information, can have a significant impact on our business, operations, growth, and profitability.

6 Truist Financial Corporation

Our supervisors may also impose civil money penalties or restrictions and limitations on our activities if they determine that we have failed to comply with applicable law, including by engaging in unfair, deceptive, or abusive acts or practices, or have operated in an unsafe or unsound manner.

The content of the regulatory framework and the intensity of supervision have in the past and are likely in the future to vary over time based on factors such as prevailing economic and political conditions, the policy preferences of relevant government agencies, the perceived performance of the financial services industry, the size of the company, and the jurisdiction in which the company is organized or operates. This variation has in the recent past and may in the future be frequent and uncertain.

Refer to “Item 1A. Risk Factors” for more information on legal, regulatory, and compliance risks.

FHC Regulation

Truist has elected to be treated as an FHC. As long as an FHC maintains its standing as an FHC, it may engage in a broader range of activities than would otherwise be permissible for a BHC, such as securities underwriting, merchant banking, and other activities that are financial in nature or incidental or complementary thereto. If certain conditions are met, FHCs may acquire shares of nonbank companies, with any acquisition of a nonbank company or voting shares of a nonbank company with total consolidated assets of $10 billion or more subject to the prior approval of the FRB. To maintain its standing as an FHC, an FHC and its IDI subsidiaries must be well-capitalized and well managed as defined by applicable law, and any IDI subsidiary must have at least a satisfactory CRA rating. If the FRB determines that an FHC is not well-capitalized or well managed, the FRB may impose corrective capital and managerial requirements on the FHC, which could affect resources and limit amounts otherwise available to creditors and shareholders. In such a situation, the FRB may also place limitations on the ability of an FHC to conduct certain business activities that FHCs are generally permitted to conduct as well as the FHC’s ability to make certain acquisitions. If the failure to meet these standards persists, an FHC may be required to divest its IDI subsidiaries or cease all activities other than those activities that may be conducted by BHCs that are not FHCs. Furthermore, if an IDI subsidiary of an FHC has not maintained a satisfactory CRA rating, the FHC would not be able to commence any new financial activities or acquire a company that engages in such activities, although the FHC would still be allowed to engage in activities that may be conducted by BHCs that are not FHCs.

Federal law requires an FHC to act as a source of financial and managerial strength for its subsidiary IDIs. In times of severe financial stress, the obligation to serve as a source of strength could cause Truist to commit significant resources to supporting Truist Bank that otherwise would be available to Truist’s creditors and shareholders.

Resolution Planning

As a Category III banking organization, Truist is required to submit a plan to the FRB and the FDIC periodically for Truist’s orderly resolution in the event of severe financial stress (a “165(d) Resolution Plan”). If the agencies were to determine that Truist’s 165(d) Resolution Plan is not credible, they would provide a joint notice identifying one or more deficiencies that could undermine the feasibility of the plan. If Truist were to receive such a notice and fail to timely submit a revised 165(d) Resolution Plan or adequately address the identified deficiencies, the agencies may subject Truist to formal or informal enforcement actions, including more stringent capital, leverage, or liquidity requirements or restrictions on growth, activities, or operations. Truist submitted its most recent 165(d) Resolution Plan on September 30, 2025. The next targeted plan is due July 1, 2028.

In addition, as an IDI with over $50 billion in assets, Truist Bank is required to periodically submit to the FDIC a separate bank-level resolution plan (an “IDI Resolution Plan”). In 2024, the FDIC adopted a final rule that significantly modified the required frequency and informational content of IDI Resolution Plans. As a result of the rule, Truist Bank must submit a full IDI Resolution Plan to the FDIC every three years and an interim supplement in other years. The final rule introduced a new credibility standard for evaluating the adequacy of IDI Resolution Plan submissions, set expectations for capabilities testing, and contemplated increased engagement between IDIs and examiners. The application of the new credibility standard may require the exercise of a meaningful degree of judgment by the FDIC. If Truist Bank’s IDI Resolution Plan were not to satisfy the credibility standard or any other provision of the rule, the FDIC may require Truist Bank to revise portions of it. If Truist Bank were to fail to timely submit a revised IDI Resolution Plan or adequately address the identified deficiencies, the FDIC may subject Truist Bank to formal or informal enforcement actions. Truist Bank’s first interim supplement was submitted on July 1, 2025, and its full IDI Resolution Plan submission is due July 1, 2026.

Enhanced Prudential Standards and Regulatory Tailoring Rules

U.S. BHCs, including Truist, are subject to a range of prudential standards and requirements based on their size and complexity. Under tailoring rules adopted by the U.S. banking agencies, Truist is subject to the standards and requirements applicable to Category III banking organizations, which generally include BHCs with greater than $250 billion, but less than $700 billion, in total consolidated assets and less than $75 billion in certain risk-related exposures.

Truist Financial Corporation 7

Truist is therefore subject to more stringent liquidity and capital requirements, leverage limits, internal and supervisory stress testing requirements, single-counterparty credit limits, resolution planning requirements, and enhanced risk management standards compared to smaller institutions, while certain larger banking organizations are subject to even more stringent prudential standards and requirements than Truist.

Capital Requirements

Truist and Truist Bank are subject to risk-based and leverage regulatory capital requirements, which are established by the FRB for Truist and by the FDIC for Truist Bank. Failure of an FHC or an IDI to be well-capitalized as defined by applicable law or to meet minimum capital requirements can result in enforcement and other supervisory actions and have a significantly adverse impact on the institution’s business and operations.

The U.S. risk-based regulatory capital rules are based on the Basel Framework developed by the BCBS for strengthening the regulation, supervision, and risk management of banks as well as certain provisions of the Dodd-Frank Act. These rules prescribe minimum capital levels and allow the FRB and the FDIC to impose incremental capital requirements on a banking organization based on its size, complexity, or risk profile to enhance its ability to operate in a safe and sound manner. Under the standardized approach of the regulatory capital rules that Truist and Truist Bank are required to use, risk weights are applied to their assets, exposures, and certain off-balance sheet items to determine their risk-weighted assets. These risk-weighted assets are the denominator in the following minimum capital ratios for Truist and Truist Bank:

•CET1 Risk-Based Capital Ratio, equal to the ratio of CET1 capital to risk-weighted assets. CET1 capital primarily includes common shareholders’ equity and retained earnings, subject to certain regulatory adjustments and deductions, including with respect to goodwill, intangible assets, certain deferred tax assets, and AOCI. Truist must maintain a minimum CET1 capital ratio of 4.5% plus any additional CET1 mandated as a result of the SCB requirement.

•Tier 1 Risk-Based Capital Ratio, equal to the ratio of Tier 1 capital to risk-weighted assets. Tier 1 capital is primarily composed of CET1 capital, perpetual preferred stock, and certain qualifying capital instruments. Truist must maintain a minimum Tier 1 capital ratio of 6.0%.

•Total Risk-Based Capital Ratio, equal to the ratio of total capital, including CET1 capital, Tier 1 capital, and Tier 2 capital, to risk-weighted assets. Tier 2 capital primarily includes qualifying subordinated debt and qualifying ALLL. Tier 2 capital also includes certain trust preferred securities. Truist must maintain a minimum total capital ratio of 8.0%.

Under the FRB’s capital framework for BHCs, Truist is subject to the SCB, an incremental risk-based capital requirement determined from supervisory stress test results. The SCB is equal to the greater of (i) the difference between Truist’s starting and minimum projected CET1 capital ratios under the severely adverse scenario in the supervisory stress test, plus the sum of the dollar amount of its planned common stock dividends for each of the fourth through seventh quarters of the planning horizon as a percentage of risk-weighted assets, or (ii) 2.5% of risk-weighted assets. Truist is required to describe its planned capital actions in its CCAR capital plan but is not required to seek prior approval for capital distributions in excess of those included in its CCAR capital plan. Instead, Truist is subject to automatic restrictions on capital distributions if its capital ratios fall below applicable minimum requirements, inclusive of the SCB. Refer to the section titled “Capital Planning and Stress Testing Requirements” for more information on the CCAR capital plan.

The FRB has assigned Truist an SCB of 2.5%, which was effective from October 1, 2025 to September 30, 2026, when a revised SCB ordinarily would be provided to Truist. On February 4, 2026, the FRB notified Truist of a determination to extend until October 1, 2027, the deadlines for providing Truist with notice of its preliminary and final SCB requirements calculated in 2026. The FRB explained that its proposal from October 2025, seeking public comment on the models that the FRB planned to use for the 2026 supervisory stress test was still outstanding and was not expected to be finalized before conducting the 2026 supervisory stress test. As a result, absent further action from the FRB, Truist will continue to be subject to its current SCB requirement of 2.5% until 2027, when a new SCB based on updated models can be calculated. If Truist takes part in the supervisory stress test in 2027 as expected, Truist would receive a new final SCB requirement based on the results of a supervisory stress test conducted in 2027. If Truist continues to be subject to the capital plan rule but does not take part in the supervisory stress test in 2027, a final SCB requirement would be assigned that has been adjusted to account for Truist’s updated planned common stock dividends. The FRB reserved the authority to modify these deadlines based on a change in actual or expected economic conditions, a change in the financial condition of Truist or its risk profile, or other factors that could affect the safety and soundness of Truist.

8 Truist Financial Corporation

At the FRB’s discretion, certain large banking organizations, including Truist, may be subject to a CCyB of up to 2.5% of risk-weighted assets. This buffer is currently set at zero. An FRB policy statement establishes the framework and factors the FRB would use in setting and adjusting the CCyB. Covered banking organizations would generally have 12 months after the announcement of any increase in the CCyB to meet the increased buffer requirement, unless the FRB establishes an earlier effective date. Based on Truist’s current SCB, if the maximum CCyB amount is implemented, Truist would be required to maintain a CET1 capital ratio of at least 9.5%, a Tier 1 capital ratio of at least 11.0%, and a total capital ratio of at least 13.0% to avoid limitations on capital distributions and certain discretionary incentive compensation payments.

Certain large banking organizations with significant trading assets and liabilities, including Truist, are subject to the Market Risk Rule and must adjust their risk-based capital ratios to reflect the market risk of their trading activities. Refer to the “Market Risk” section in MD&A for additional disclosures related to market risk management.

Truist and Truist Bank are subject to a Tier 1 leverage ratio, equal to the ratio of Tier 1 capital to quarterly average assets, net of goodwill, certain other intangible assets, and certain other deductions. Category III banking organizations are also subject to a minimum 3.0% supplementary leverage ratio. The supplementary leverage ratio is calculated by dividing Tier 1 capital by total leverage exposure, which takes into account on-balance sheet assets as well as certain off-balance sheet items, including loan commitments and potential future exposure of derivative contracts.

For purposes of certain FRB rules, including determining whether a BHC meets the requirements to be an FHC, the BHC must maintain a Tier 1 Risk-Based Capital Ratio of 6.0% or greater and a Total Risk-Based Capital Ratio of 10.0% or greater to be “well-capitalized.” The FRB may require a BHC to maintain capital ratios in excess of mandated minimum levels, depending upon general economic conditions and the BHC’s particular condition, risk profile, and growth plans.

In July 2023, the U.S. banking agencies issued a proposal to revise the risk-based capital standards applicable to Truist and Truist Bank. The U.S. banking agencies have indicated their intent to re-propose the revised risk-based capital standards. The potential impacts on Truist and Truist Bank of a final rule remain uncertain.

Refer to the “Capital” section in MD&A for additional information on minimum regulatory capital ratios and well-capitalized minimum ratios applicable to Category III banking organizations.

Capital Planning and Stress Testing Requirements

Under the FRB’s CCAR process and related capital plan rule, Truist must submit an annual capital plan to the FRB that reflects its projected financial performance under hypothetical macro-economic scenarios, including stress scenarios designed by Truist and a supervisory severely adverse scenario provided by the FRB.

The FRB’s CCAR framework and the Dodd-Frank Act stress testing framework require BHCs subject to Category III standards, such as Truist, to conduct company-run stress tests and submit to supervisory stress tests conducted by the FRB. Company-run stress tests employ stress scenarios provided by the FRB and incorporate Dodd-Frank Act capital actions intended to normalize capital distribution assumptions across large U.S. BHCs. Truist is required to conduct additional stress tests using internally-developed scenarios tailored to its unique risk profile. The FRB conducts CCAR and Dodd-Frank Act supervisory stress tests employing internal supervisory models and supervisory stress scenarios. As a Category III banking organization, Truist is subject to annual supervisory stress testing and biennial company-run stress testing requirements.

Truist is required to submit its next capital plan and the results of its internal stress tests to the FRB by April 5, 2026. The FRB is expected to announce the results of its supervisory stress tests by June 30, 2026.

In April 2025, the FRB issued a proposed rule that would result in the SCB being calculated based on an average of a banking organization’s stress test results over two consecutive years, which is intended to reduce volatility in banking organizations’ capital requirements.

In October 2025, the FRB issued proposals to enhance the transparency and public accountability of its annual supervisory stress test. The proposals request comment on several elements of the stress test, including the models and scenarios used; an enhanced disclosure process for the scenarios and material model changes in future stress test cycles; modifications to reporting forms; and an adjusted timeline for the annual process to accommodate a comment period for scenarios and material model changes.

Truist Financial Corporation 9

Liquidity Requirements

Certain BHCs and their bank subsidiaries, including Truist and Truist Bank, are subject to a minimum LCR and NSFR. The LCR rule requires that banking organizations maintain an amount of eligible HQLA that is sufficient within the parameters of the rule to meet estimated total net cash outflows over a prospective 30 calendar-day period of stress. The NSFR rule defines a minimum amount of stable, long-term funding that banking organizations must maintain in relation to their asset composition and off-balance sheet activities. The NSFR, calculated as the ratio of available stable funding to required stable funding, must exceed 1.0x for banking organizations required to meet the full requirement. Available stable funding represents a weighted measure of a company’s funding sources over a one-year time horizon, calculated by applying standardized weightings to the company’s equity and liabilities based on their expected stability. Required Stable Funding is calculated by applying standardized weighting to assets, derivatives exposures, and certain other items based on their liquidity characteristics. As a Category III banking organization, Truist and Truist Bank are subject to LCR and NSFR requirements equal to 85% of the full requirement.

Truist is also subject to FRB rules that require certain large BHCs to conduct internal liquidity stress tests over a range of time horizons, maintain a buffer of highly liquid assets sufficient to meet projected net outflows under the BHC’s 30-day liquidity stress test, and maintain a contingency funding plan.

Long-Term Debt and Clean Holding Company Requirements

U.S. banking agencies issued a proposed rule that would require banking organizations with $100 billion or more in total assets to comply with long-term debt requirements and clean holding company requirements that currently apply only to GSIBs. This proposal would also impose a long-term debt requirement on certain categories of IDIs, including IDIs with $100 billion or more in total assets, such as Truist Bank. The clean holding company requirements would limit or prohibit banking organizations such as Truist from entering into certain transactions that could impede its orderly resolution, including transactions that could spread losses to subsidiaries and third parties or could limit the amount of Truist’s liabilities that are not eligible long-term debt. The timing and form of any final rule implementing the long-term debt requirements and clean holding company requirements remains uncertain.

Payment of Dividends

The Parent Company is a legal entity separate and distinct from its subsidiaries. The Parent Company depends in part upon dividends received from its direct and indirect subsidiaries, including Truist Bank, to fund its activities, including capital distributions such as dividends and share repurchases. Federal law limits Truist Bank’s ability to declare and pay dividends to the Parent Company, including under regulatory capital requirements, safety-and-soundness requirements, and requirements relating to the payment of dividends out of net profits, surplus, and available earnings. Certain contractual restrictions also may limit the ability of Truist Bank to pay dividends to the Parent Company. No assurances can be given that Truist Bank will, in any circumstances, pay dividends to the Parent Company.

The Parent Company’s ability to declare and pay dividends is similarly limited by federal banking law and FRB policies. The FRB has authority to prohibit a BHC from making capital distributions if determined to be an unsafe or unsound practice. The FRB has indicated generally that paying dividends may be an unsafe and unsound practice unless net income is sufficient to fund the dividends and the expected rate of earnings retention is consistent with the BHC’s capital needs, asset quality, and overall financial condition. In addition, a BHC’s ability to make capital distributions, including dividends and share repurchases, is subject to the FRB’s automatic restrictions on capital distributions if the BHC fails to maintain certain regulatory capital ratios. Truist’s risk-based capital and leverage ratio requirements are discussed above in the “Capital Requirements” section.

North Carolina law provides that, as long as a bank does not make distributions that reduce its capital below its applicable required capital, the board of directors of a bank chartered under the laws of North Carolina may declare such distributions as the directors deem proper.

Prompt Corrective Action

U.S. banking agencies are required to take “prompt corrective action” against IDIs that do not meet minimum capital requirements. There are five statutory categories that characterize an IDI’s capital position for this purpose: “well-capitalized,” “adequately capitalized,” “undercapitalized,” “significantly undercapitalized,” and “critically undercapitalized.” To be considered “well-capitalized,” an IDI must maintain minimum capital ratios and must not be subject to any order or written directive to meet and maintain a specific capital level for any capital measure.

10 Truist Financial Corporation

An IDI that fails to remain well-capitalized becomes subject to a series of restrictions that increase in severity as its capital condition weakens. These restrictions may include a prohibition on capital distributions, restrictions on asset growth, or the withholding of regulatory approval for applications. Additionally, the FRB is authorized to act against BHCs with undercapitalized IDI subsidiaries. In certain instances, a BHC acting as a source of strength would be required to guarantee the performance of the undercapitalized subsidiary’s capital restoration plan and could be liable for civil money damages for failing to fulfill those guarantees.

If an IDI fails to meet applicable capital requirements, its supervisors may take a variety of formal and informal enforcement actions, including directing the IDI to raise additional capital, substantially restricting the IDI’s operations and activities, terminating the IDI’s deposit insurance, and in severe cases appointing a conservator or receiver for the IDI.

Transactions with Affiliates

Transactions between Truist Bank and its nonbank affiliates, including the Parent Company, are subject to a number of legal restrictions. Under the Federal Reserve Act and FRB regulations, Truist Bank and its subsidiaries are subject to quantitative and qualitative limits on extensions of credit, purchases of assets, and certain other transactions with nonbank affiliates, including requirements that transactions be at arm’s length and consistent with safety and soundness.

Acquisitions

Truist requires prior regulatory approval to engage in certain acquisitions. For example, under the BHCA, a BHC may not directly or indirectly acquire ownership or control of more than 5% of the voting shares or substantially all of the assets of any BHC or bank or merge or consolidate with another BHC without the prior approval of the FRB. The BHCA and other federal laws enumerate the factors the FRB must consider when reviewing the merger of BHCs, the acquisition of banks, or the acquisition of voting securities of a bank or BHC. These factors include the competitive effects of the transaction in the relevant geographic markets; the financial and managerial resources and future prospects of the companies and banks involved in the transaction; the effect of the transaction on the financial stability of the U.S.; the organizations’ compliance with anti-money laundering statutes and regulations; the convenience and needs of the communities to be served; and the records of performance under the CRA of the IDIs involved in the transaction.

Federal law authorizes interstate acquisitions of banks and BHCs without geographic limitation, and a bank headquartered in one state is authorized to merge with a bank headquartered in another state, subject to market share limitations, regulatory approvals, and any state requirement that the target bank must have been in existence and operating for a minimum period of time. The FRB’s market share limitations impose conditions that the acquiring BHC, after and as a result of the acquisition, control no more than 10% of the total amount of deposits of IDIs in the U.S. and no more than 30%, subject to variation by state law, of such deposits in applicable states. FRB rules also prohibit an FHC from combining with another company if the resulting company’s liabilities would exceed 10% of the aggregate consolidated liabilities of all U.S. financial companies.

After a bank has established branches in a state through an interstate merger transaction, the bank may establish and acquire additional branches at any location in the state where a bank headquartered in that state could have established or acquired branches under applicable federal or state law.

The U.S. DOJ has withdrawn its 1995 Bank Merger Guidelines, which focused primarily on concentrations of deposits and branches, and clarified that it will assess competition considerations in connection with bank and BHC mergers using its 2023 Merger Guidelines and 2024 Banking Addendum. The 2023 Merger Guidelines are a general merger review framework used to evaluate transactions in all segments of the economy, and the 2024 Banking Addendum allows for consideration of theories of harm and relevant markets not considered in the 1995 Bank Merger Guidelines. It is still not entirely clear how the U.S. DOJ will apply this new merger review framework to bank and BHC mergers.

Other Safety and Soundness Regulations

The FRB has authority to prohibit BHCs and their subsidiaries from conducting activities that constitute unsafe or unsound practices or violations of statute, rule, regulation, administrative order, or written agreement with a U.S. banking agency. These powers may be exercised through the issuance of confidential supervisory actions, cease and desist orders, civil money penalties, or other actions.

In October 2025, the FDIC and the OCC issued a proposed rule that would define the term “unsafe or unsound practice” for purposes of their enforcement powers under the Federal Deposit Insurance Act. The proposed definition would focus on whether the practice is likely to materially harm, or already has materially harmed, the financial condition of an institution.

Truist Financial Corporation 11

Federal law and regulatory policy impose a number of obligations and restrictions on BHCs and their IDI subsidiaries that are designed to reduce potential loss exposure to depositors and the DIF in the event that the BHC or the IDI becomes or is in danger of becoming insolvent. In particular, a BHC must serve as a source of financial and managerial strength to its subsidiary IDI and commit financial resources to support that IDI during periods of severe stress.

U.S. banking agencies have other broad powers over IDIs as well, including the power to impose confidential supervisory actions and civil penalties and to appoint a receiver or conservator over an IDI for the benefit of depositors and other creditors. The NCCOB also has the authority to take possession of a North Carolina state bank in certain circumstances, including when it appears that the bank has violated its charter or applicable law, is conducting its business in an unauthorized or unsafe manner, is in an unsafe or unsound condition to transact its business, or has an impairment of its capital stock.

DIF Assessments

Truist Bank’s deposits are insured by the FDIC up to the maximum insurable amount, which is currently $250,000 per depositor per account ownership type. The FDIC imposes a risk-based deposit premium assessment system that determines assessment rates for each IDI using an assessment rate calculator, which incorporates measurements of the risk each IDI poses to the DIF. The assessment rate is applied to total average assets less tangible equity, as defined by the Dodd-Frank Act. The assessment rate schedule can change from time to time at the discretion of the FDIC, subject to certain limits. Under the current system, premiums are assessed quarterly.

The FDIC implemented a special assessment to recoup losses to the DIF associated with the large bank failures in 2023. The special assessment is based on an IDI’s estimated uninsured deposits. Truist Bank’s special assessment may be adjusted for changes in the estimated relevant losses to the DIF reported by the FDIC. The special assessment will be paid by IDIs in eight quarterly installments, which began in the second quarter of 2024.

In December 2025, the FDIC issued an interim final rule reducing the special assessment rate for the eighth collection quarter, with an invoice payment date of March 30, 2026, and outlining a process for (i) an offset to regular quarterly deposit insurance assessments for IDIs subject to the special assessment if the special assessment amount collected ultimately exceeds losses to the DIF or (ii) a one-time final shortfall special assessment if losses to the DIF exceed the special assessment amount collected.

Consumer Protection Laws

In connection with its lending, leasing and deposit-taking activities, Truist Bank is subject to federal and state laws designed to protect consumers and borrowers and to promote financial services for various sectors of the economy and population. The CFPB examines Truist and Truist Bank for compliance with a broad range of federal consumer financial statutes and regulations, including those that relate to credit card, mortgage, automobile, student, and other consumer loans as well as deposit products and other consumer financial products and services. Laws that the CFPB is charged with enforcing include the Truth in Lending Act, Truth in Savings Act, Home Mortgage Disclosure Act, Fair Credit Reporting Act, Electronic Funds Transfer Act, Real Estate Settlement Procedures Act, Fair Debt Collection Practices Act, and Equal Credit Opportunity Act. The CFPB may take enforcement actions to prevent and remedy acts and practices relating to consumer financial products and services that it deems to be unfair, deceptive, or abusive. The CFPB also may impose new disclosure requirements for consumer financial products and services. CFPB regulations and supervisory actions may impact Truist or Truist Bank, including by reducing the fees that Truist and Truist Bank receive, altering the way products and services are provided, or increasing the risk of private litigation or regulatory enforcement action.

In October 2024, the CFPB finalized a rule under the Dodd-Frank Act that requires certain entities, including Truist and Truist Bank, to make available to a consumer, upon request, information in the entity’s control or possession concerning the consumer financial product or service that the consumer obtained from that entity. The rule also requires data providers holding a consumer account, such as Truist Bank, to establish a developer interface satisfying certain data security specifications and other standards, through which the data provider can receive requests for and provide specific types of data covered by the rule in electronic, usable form to authorized third parties such as data aggregators. Data providers are prohibited from charging consumers or third parties fees for processing these consumer data requests. The rule further places certain data security, authorization, and other obligations on third parties accessing covered data from data providers, which could include Truist and Truist Bank when acting in certain capacities. In addition, the rule requires these third parties to limit their collection, use, and retention of the data received from the applicable data provider to only what is reasonably necessary to provide the applicable consumer’s requested product or service, including uses that are reasonably necessary to improve the product or service. After release of the final rule, banking industry participants sued to enjoin and invalidate the rule in the United States District Court for the Eastern District of Kentucky. The CFPB has indicated that it will significantly revise the final rule, which is expected to change Truist's and Truist Bank's obligations and the applicable compliance dates. On October 29, 2025, the court granted a preliminary injunction to pause the compliance dates and to enjoin the CFPB from enforcing the rule until after reconsideration.

12 Truist Financial Corporation

Truist and Truist Bank are subject to consumer protection laws that have been adopted by the states where they operate. State attorneys general and regulatory agencies have authority to enforce these state consumer protection laws as well as certain federal consumer protection laws.

During 2025, the CFPB reduced its staff by over 80%. The reduction in force is the subject of litigation, and the staffing cuts are currently stayed pending the federal circuit court’s rehearing of the case. The impact of these developments on banking organizations subject to CFPB regulation and supervision, including Truist, is uncertain. States and state attorneys general may increase regulatory, investigative, and enforcement activity with respect to consumer protection in response to changes in regulation, supervision, and enforcement of consumer protection laws by the CFPB or other federal regulators.

BSA/AML and Sanctions

The BSA, as amended by the Patriot Act, and its implementing regulations are designed to protect the U.S. financial system and those who rely on it from financial crimes, such as money laundering and terrorist financing. The BSA and its implementing regulations do this by requiring financial institutions, including IDIs such as Truist Bank, broker-dealers, and other financial institutions, to develop and implement BSA/AML compliance programs that detect and report financial crimes. The BSA and its implementing regulations also strengthen the ability of U.S. law enforcement agencies and the intelligence community to disrupt and prevent money laundering, the financing of terrorism, and related crimes.

In addition, U.S. persons, including entities like Truist, must comply with sanctions programs administered by OFAC and the U.S. Department of State. These sanctions programs prohibit, among other things, financial transactions involving certain individuals, entities, countries, and territories that are the subject of U.S. economic sanctions and impose other restrictions on certain investments and dealings, including requirements to block assets.

Federal law grants substantial enforcement powers to U.S. banking agencies, FinCEN, OFAC, the U.S. DOJ, and other government agencies with respect to BSA and OFAC compliance, including through examination and ongoing monitoring. This enforcement authority includes the ability to assess significant civil and criminal monetary penalties, fines, and restitution; to issue cease and desist or prohibition orders; to initiate injunctive actions against financial institutions and institution-affiliated parties; and to impose restrictions on business, including bank and BHC mergers and acquisitions. These enforcement actions may be initiated for violations of statutes and regulations or for unsafe and unsound practices and could result in substantial negative shareholder reaction and reputational damage.

Privacy, Data Protection, and Cybersecurity

Various federal and state statutes and regulations contain data privacy, data protection, and cybersecurity provisions, and the regulatory framework for data privacy, data protection, and cybersecurity is rapidly evolving. The FRB, the FDIC, and other U.S. banking agencies have adopted guidelines for safeguarding confidential, personal customer information. These guidelines require each financial institution, under the supervision and ongoing oversight of its board of directors or an appropriate committee thereof, to create, implement, and maintain a comprehensive written information security program designed to support the security and confidentiality of customer information, protect against any anticipated threats or hazards to the security or integrity of such information, and protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer. In addition, a number of government entities, including the FRB and the SEC, have increased their focus on cybersecurity through guidance, examinations, and regulations.

At the federal level, the Gramm-Leach-Bliley Act requires financial institutions to, among other things, implement policies and procedures regarding the disclosure of nonpublic personal information about consumers to non-affiliated third parties. In general, the statute requires that financial institutions provide explanations to consumers on their policies and procedures regarding the disclosure of such nonpublic personal information and, except as otherwise required by law, prohibits disclosing such personal information except as provided in the financial institution’s policies and procedures.

A joint regulation from the FRB, the OCC, and the FDIC requires a banking organization to notify its primary federal regulators as soon as possible and within 36 hours after identifying a “computer-security incident” that the banking organization believes in good faith has materially disrupted or degraded, or is reasonably likely to materially disrupt or degrade, its business or operations in a manner that would, among other things, jeopardize the viability of its operations, result in customers being unable to access their deposit and other accounts, result in a material loss of revenue, profit or stock price, or pose a threat to the financial stability of the U.S.

Truist Financial Corporation 13

In addition, once implementing regulations are finalized, the Cyber Incident Reporting for Critical Infrastructure Act (“CIRCIA”) will require, among other things, covered entities to report significant cyber incidents, including ransomware attacks, to the Cybersecurity and Infrastructure Security Agency (“CISA”) within 72 hours from the time the covered entity reasonably believes the incident occurred (and within 24 hours of making a ransom payment as a result of a ransomware attack). The CISA proposed a rule under the CIRCIA in April 2024 that would clarify the scope of cyber incidents to be reported and would further define covered entities subject to the CIRCIA to include banking organizations like Truist. Although the CIRCIA originally required the CISA to finalize its regulations by October 2025, the CISA has extended such deadline to May 2026.

Truist’s nonbank subsidiaries are also subject to rules and regulations issued by the Federal Trade Commission, which regulates unfair or deceptive acts or practices, including with respect to data privacy, data protection, and cybersecurity. Moreover, the U.S. Congress has recently considered, and is expected to continue to consider, various proposals for more comprehensive data privacy, data protection, and cybersecurity legislation.

Like other lenders, Truist Bank uses credit bureau data in its underwriting activities. The Fair Credit Reporting Act regulates use of such data, as well as reporting information to credit bureaus, prescreening individuals for credit offers, sharing of information between affiliates, and using affiliate data for marketing purposes. Similar state laws impose additional requirements on Truist Bank.

States are also increasingly proposing or enacting legislation that relates to data privacy, data protection, and cybersecurity such as the California Consumer Privacy Act as amended by the California Privacy Rights Act. Truist may be subject to similar laws in other states where Truist does business or in states where Truist may collect personal information of residents. In addition, laws in all 50 U.S. states generally require businesses to provide notice under certain circumstances to individuals whose personal information has been disclosed as a result of a data breach.

Moreover, the New York Department of Financial Services Cybersecurity Regulation is driving significant cybersecurity compliance activities for covered Truist entities. This regulation includes phased compliance periods as well as annual attestations of compliance by these Truist entities.

Truist has undertaken compliance activities to address these statutes and regulations and continues to assess their requirements and applicability to Truist. These statutes and regulations, as well as proposed legislation and regulation regarding privacy, data protection, and cybersecurity, are subject to revision or formal guidance and may be interpreted or applied in a manner inconsistent with the Company’s understanding, which may result in further uncertainty and require Truist to incur additional costs to comply. Refer to “Item 1A. Risk Factors” for more information on the risks related to compliance with applicable privacy, data protection, and cybersecurity statutes and regulations.

CRA

The CRA requires that U.S. banking agencies assess the records of banks in meeting the credit needs of the communities where they are chartered to do business, including low- and moderate-income neighborhoods, consistent with safe and sound operations. Banks are assigned one of four ratings: “Outstanding,” “Satisfactory,” “Needs to Improve,” or “Substantial Noncompliance.” A bank’s assessment is considered in connection with its application to merge or consolidate with or acquire the assets or assume the liabilities of another bank or to open or relocate a branch office. The CRA record of each subsidiary bank of an FHC is assessed by the FRB in connection with any proposed acquisition or merger application. For its most recent CRA examination period, Truist Bank received the highest possible overall rating of “Outstanding” from the FDIC.

In October 2023, the U.S. banking agencies issued a final rule to significantly amend their regulations implementing the CRA. This rule was subject to litigation, and a preliminary injunction was issued that prevented the rule from taking effect. In July 2025, the agencies issued a notice of proposed rulemaking to rescind the rule and reinstate the previous CRA regulations.

Automated Overdraft Payment Regulation

Federal consumer protection laws govern automated overdraft payment programs offered by financial institutions. The CFPB prohibits financial institutions from charging consumers fees for paying overdrafts on ATM and one-time debit card transactions, unless a consumer opts in to the overdraft service. Financial institutions must provide consumers with a notice that explains the financial institution’s overdraft services, including associated fees and the consumer’s choices. In addition, FDIC-supervised institutions must monitor overdraft payment programs for “excessive or chronic” client use and undertake “meaningful and effective” follow-up action with clients that overdraw their accounts more than six times during a rolling 12-month period. Financial institutions must also impose daily limits on overdraft charges, review and modify check-clearing procedures, prominently distinguish account balances from available overdraft coverage amounts, and provide for board and management oversight regarding overdraft payment programs. Truist offers checking accounts that are not subject to overdraft fees.

14 Truist Financial Corporation

Interchange Fees

The Dodd-Frank Act requires the FRB to establish standards for assessing whether debit interchange fees charged by large debit card issuers, including Truist Bank, are reasonable and proportional to the cost incurred by the issuers. These standards are set forth in the FRB’s Regulation II, which has been subject to extensive litigation that remains ongoing. In 2023, the FRB proposed but has not yet finalized revisions to Regulation II that would lower the interchange fee cap applicable to Truist Bank, which may result in reduced interchange fee revenue.

States have taken steps as well to regulate interchange fees. The Illinois Interchange Fee Prohibition Act prohibits credit and debit card issuers, payment card networks, acquirer banks, and processors from receiving or charging an Illinois merchant any interchange fees on the gratuity and state and local tax portions of the transactions. This statute has an implementation date of July 1, 2026, and while subject to litigation, has not been enjoined. Other states are considering similar legislation, including some that is more expansive in its restrictions on interchange fees.

Volcker Rule

Truist is prohibited under the Volcker Rule from (i) engaging in proprietary trading of certain securities and (ii) having certain ownership interests in and relationships with covered private funds. The Volcker Rule contains certain exemptions and exclusions, including for market-making, hedging, underwriting, and trading in U.S. government and agency obligations. Additionally, the Volcker Rule permits certain ownership interests in certain types of funds and permits the offering and sponsoring of funds under certain conditions. Truist maintains specific Volcker Rule compliance programs.

Regulatory Regime for Swaps

The Dodd-Frank Act established a comprehensive regulatory regime for the OTC swaps market aimed at increasing transparency and reducing systemic risk in the derivatives markets, including requirements for central clearing, exchange trading, capital adequacy, margin, reporting, and recordkeeping. The Dodd-Frank Act requires that certain swap dealers and security-based swap dealers register with one or both of the SEC and the CFTC, depending on the nature of the swaps business. Truist Bank is registered with the CFTC as a swap dealer and is registered with the SEC as a security-based swap dealer, subjecting Truist Bank to the CFTC’s and SEC’s regulatory regimes. This includes trade reporting and recordkeeping requirements, business conduct requirements (including daily valuations, disclosure of material risks associated with swaps and disclosure of material incentives and conflicts of interest), and mandatory clearing and exchange trading requirements for certain standardized swaps designated by the CFTC. The NFA is the primary self-regulatory organization for Truist’s swap dealer. Truist Bank’s uncleared swaps and security-based swaps are subject to variation margin and initial margin requirements.

Broker-Dealer and Investment Adviser Regulation

Truist’s broker-dealer and investment adviser subsidiaries are subject to regulation by the SEC. FINRA is the primary self-regulatory organization for Truist’s registered broker-dealer subsidiaries. Truist’s broker-dealer and investment adviser subsidiaries are subject to additional regulation by states or local jurisdictions. The SEC and FINRA have enforcement powers over broker-dealers and investment advisers and can bring actions that result in fines, restitution, a limitation on permitted activities, disqualification to continue to conduct certain activities, and an inability to rely on certain favorable exemptions. Certain types of infractions and violations can affect Truist’s ability to issue new securities expeditiously. In addition, certain changes in the activities of a broker-dealer require approval from FINRA, which may base its approval on a variety of factors, such as internal controls, capital levels, management experience and quality, prior enforcement and disciplinary history, and supervisory concerns.

Other Regulatory Matters

Truist is subject to examination by federal and state banking regulators as well as the SEC, the CFTC, FINRA, the MSRB, the NFA, various taxing authorities, and various state securities and other regulators. Truist periodically receives requests for information on business and accounting practices from regulatory authorities in various states, including state attorneys general, securities regulators, and other regulatory authorities. Such requests are part of our normal conduct of business.

Human Capital

Truist works as One Team—unified by its purpose, mission, and values—to meet clients’ needs, uplift communities, empower teammates, and promote effective risk management and controls to drive performance. Truist recognizes that attracting the best talent, making investments in teammates, caring to better understand their backgrounds and experiences, and helping to bolster their career trajectories ultimately leads to more engaged and productive teammates, which can contribute to better client service and business outcomes for Truist overall.

Truist Financial Corporation 15

The Compensation and Human Capital Committee of the Board oversees the design and governance of Truist’s compensation and benefit programs consistent with its compensation philosophy. This committee also provides oversight of Truist’s human capital strategy that supports attracting, developing, and retaining qualified teammates.

Truist strives to follow rigorous and dynamic talent practices, which develop teammates for success in a broad set of roles. Our talent practices include performance, succession, and progression planning.

Truist’s Enterprise Ethics Office manages the standards for ethical conduct and monitors conduct risks and related teammate concerns. The Enterprise Ethics Office also facilitates the Board’s review and approval of the Code of Ethics. Through its risk monitoring and oversight routines, the Enterprise Ethics Office identifies trends and insights related to Truist’s organizational culture and control environment, which are reported to the Executive-level ERC and the Board.

The following table presents a summary of teammates as of December 31, 2025:

Truist also leverages a contingent workforce, which is not reflected in the table, as an important part of the Company’s overall workforce strategy.

Truist aspires to foster a performance-based culture that is reinforced with transparency and feedback. Through transparency, we further our teammate mission of creating an inclusive and energizing environment that empowers teammates to learn, grow, and have meaningful careers. Promoting feedback allows for business settings where every teammate is respected, everyone matters and has a voice, and everyone feels welcome and empowered to make meaningful contributions. Collectively, this approach helps us to be competitive in meeting the needs of our clients and communities.

Talent Practices

Truist utilizes a suite of talent practices providing insight into the state of our talent. Talent practices are designed to underpin and strengthen executive leaders’ decisions, which are informed by data and insights. These practices include:

•Performance management - goal planning, feedback, check-ins, and performance evaluation.

•Succession planning - tools that identify potential interim, near- and longer-term internal successors designed to allow for optionality and business continuity.

•Talent assessment - manager evaluation of the forward-looking potential of eligible teammates through the lens of their performance, ability, agility, and aspiration as well as consideration of retention risk.

•Progression planning - helps teammates and managers chart a path for teammates to learn, grow, and have meaningful careers.

•Enterprise strategic workforce planning and skill assessments – a practice enabling the business to plan for the appropriate workforce capability and capacity in target job profiles.

Talent Development

Truist teammates have access to programs and benefits for career advancement. Teammates can partner with a certified coach to help them identify and focus on potential career paths, create clear goals, and remain accountable in achieving those goals. For teammates who qualify, Truist also provides tuition assistance so teammates can continue formal education by seeking degrees that align with career goals or develop needed emerging skills through our Future Skills program. Truist offers career and job transparency through a set of resources including career discovery and career planning online services. Truist seeks to achieve a career destination culture through career mobility and pipeline strategies and programs, including Truist’s Leadership Institute, which leverages developmental experiences, team optimization, executive coaching, and leadership development.

16 Truist Financial Corporation

In addition to career development opportunities, Truist provides learning experiences to new and existing teammates to help build the skills needed now and in the future, including role skill preparedness, upskilling for advancements, including the responsible use of emerging technologies such as AI, and access to skill building content for teammate-led learning. Truist Learning and Development also prioritizes and integrates regulatory-related training to mitigate risk across the organization. Truist has invested in innovative talent marketplace and learning technologies and believes that skill development leads to healthy and robust career mobility, which furthers our teammate value proposition and retention efforts.

Compensation and Total Rewards

Truist’s Compensation and Total Rewards enable its purpose, mission, and values, specifically Truist’s mission to create an inclusive and energizing environment that empowers teammates. Truist aims to provide market competitive total rewards to attract and retain talent while enabling Truist’s short- and long-term performance. Truist provides compensation and rewards that are designed to achieve positive business results, are based on market and internal assessments, and are aligned with risk management principles.

Truist’s benefits program for qualified teammates includes a company-funded defined benefit pension plan, a 401(k) plan, an employee stock purchase plan, Truist Momentum financial well-being education, healthcare coverage, and other insurance benefits. Truist also provides access to a Lifeforce physical well-being program, mental well-being support, paid time off, teammate and family resources such as access to backup child-care centers and family care resources, and on-site services such as health centers and fitness centers.

Website Access to Truist’s Filings with the SEC

Truist’s electronic filings with the SEC, including the Annual Report on Form 10-K, Quarterly Reports on Form 10-Q, Current Reports on Form 8-K, and amendments to these reports filed or furnished pursuant to Sections 13(a) or 15(d) of the Exchange Act are made available at no cost on the Company’s Investor Relations website, https://ir.truist.com, as soon as reasonably practicable after Truist files such material with, or furnishes it to, the SEC. Truist’s SEC filings are also available through the SEC’s website at https://www.sec.gov.

Truist may use its website to distribute Company information, including as a means of disclosing material, non-public information and for complying with its disclosure obligations under Regulation FD. Truist routinely posts and makes accessible financial and other information, including corporate responsibility and sustainability information, regarding Truist on its website. Investors should monitor Truist’s website, including the Investor Relations portion, in addition to its press releases, SEC filings, public conference calls, and webcasts. The information on our website is not incorporated by reference into this report.

Corporate Governance

Information with respect to the Board, Executive Officers, and corporate governance policies and principles is presented on Truist’s Investor Relations website, https://ir.truist.com. Specifically, the Company makes available on its Investor Relations website, under the heading “Governance & Responsibility” (i) its Code of Ethics for the Board, senior financial officers, and teammates, (ii) its Corporate Governance Guidelines, and (iii) the charters of the Company’s standing Board committees. If the Company makes changes in, or provides waivers from, the provisions of its Code of Ethics that the SEC requires it to disclose, the Company intends to disclose these events in the “Governance & Responsibility” section of its Investor Relations website.

Truist Financial Corporation 17

18 Truist Financial Corporation