AXP American Express Co - 10-K

Risk Factors

Unresolved Staff Comments

Cybersecurity

Properties

Legal Proceedings

Mine Safety Disclosures

PART II

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

[Reserved]

Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A)

Executive Overview

Consolidated Results of Operations

Business Segment Results of Operations

Consolidated Capital Resources and Liquidity

Risk Management

Critical Accounting Estimates

Other Matters

Quantitative and Qualitative Disclosures about Market Risk

Financial Statements and Supplementary Data

Management’s Report on Internal Control Over Financial Reporting

Report of Independent Registered Public Accounting Firm (PCAOB ID 238 )

Index to Consolidated Financial Statements

Consolidated Financial Statements

Notes to Consolidated Financial Statements

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

Controls and Procedures

Other Information

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

PART III

Directors, Executive Officers and Corporate Governance

Executive Compensation

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Certain Relationships and Related Transactions, and Director Independence

Principal Account ant Fees and Services

PART IV

Exhibit and Financial Statement Schedules

Form 10-K Summary

Signatures

Statistical Disclosure by Bank Holding Companies

Table of Contents

This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 that are subject to risks and uncertainties. You can identify forward-looking statements by words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “aim,” “will,” “may,” “should,” “could,” “would,” “likely,” “estimate,” “potential,” “continue” or other similar expressions. We discuss certain factors that affect our business and operations and that may cause our actual results to differ materially from these forward-looking statements under “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements.” You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. We undertake no obligation to update publicly or revise any forward-looking statements.

This report includes trademarks, such as American Express ® , which are protected under applicable intellectual property laws and are the property of American Express Company or its subsidiaries. This report also contains trademarks, service marks, copyrights and trade names of other companies, which are the property of their respective owners. Solely for convenience, our trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the right of the applicable licensor to these trademarks and trade names.

Throughout this report the terms “American Express,” “we,” “our” or “us,” refer to American Express Company and its subsidiaries on a consolidated basis, unless stated or the context implies otherwise. The use of the term “partner” or “partnering” in this report does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of American Express’ relationship with any third parties. Amounts presented in this report may not sum and percentages may not recalculate due to rounding. Refer to the “Glossary of Selected Terminology” under “MD&A” for the definitions of other key terms used in this report.

Table of Contents

PART I

ITEM 1.    BUSINESS

Overview

American Express is a global payments and premium lifestyle brand powered by technology. Founded in 1850 and headquartered in New York, American Express’ card-issuing, merchant-acquiring and card network businesses offer products and services to a broad range of customers, including consumers, small businesses, mid-sized companies and large corporations around the world.

Our range of products and services includes:

• Credit and charge cards and complementary products and services, including travel, dining, lifestyle and expense management products and services

• Banking and other payment and financing products and services, including deposits and non-card lending

• Merchant acquisition and processing, servicing and settlement, fraud prevention, and point-of-sale marketing and information products and services

• Network services

These products and services are offered through various channels, including mobile and online applications, affiliate marketing, customer referral programs, third-party service providers and business partners, in-house sales teams, direct mail, telephone and direct response advertising.

We were founded as a joint stock association and incorporated in 1965 as a New York corporation. American Express Company and its principal operating subsidiary, American Express Travel Related Services Company, Inc. (TRS), are bank holding companies under the Bank Holding Company Act of 1956, as amended (the BHC Act), subject to supervision and examination by The Board of Governors of the Federal Reserve System (the Federal Reserve).

We principally engage in businesses comprising four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses are included in Corporate & Other. Our businesses function together to form our end-to-end integrated payments platform, which we believe is a differentiator that underpins our business model. For further information about our reportable operating segments, see “Business Segment Results of Operations” under “MD&A.”

Table of Contents

Our Integrated Payments Platform and Technology

Through our card-issuing, merchant-acquiring and card network businesses, we are able to connect participants and provide differentiated value across the commerce path. We maintain direct relationships with Card Members (as a card issuer) and merchants (as an acquirer), which provides us with access to information at both ends of the card transaction, distinguishing our integrated payments platform from the bankcard networks. Through contractual relationships, we also obtain information from third-party card issuers, merchant acquirers, processors and payment facilitators with whom we do business.

Our integrated payments platform and the systems and infrastructure that underlie it provide us with data and analytics, while maintaining our commitment to respect Card Member preferences and protect Card Member and merchant data in compliance with applicable policies and legal requirements. Our models and analytical tools help us reduce fraud and underwrite risk, such as in determinations regarding the extension of credit. We also leverage our technology to provide differentiated value to customers, such as special offers and benefits to Card Members and targeted marketing and other information services for merchants and partners, as well as to develop and improve our customer interfaces and service capabilities to continue to deliver a high-quality customer experience. We also continue to explore ways to deploy new and developing technologies to enhance our payments platform and customer experience, such as uses for generative artificial intelligence (AI) and the integration of our products and services in agentic commerce.

Card Issuing Businesses

We are a leader in providing general purpose credit and charge cards to consumers, small businesses, mid-sized companies and large corporations. We offer a broad set of card products, rewards and services to this premium consumer and broad commercial customer base, in the United States and internationally, through our USCS, CS and ICS reportable operating segments. We focus on differentiating American Express Membership through our Membership Model of premium products, lifestyle services for consumers and business-centric solutions for our commercial customers, and benefits for our Card Members that we co-create and co-fund with our business partners. We believe the many benefits that come with American Express Membership build a strong, emotional connection with our brand across generations and geographies.

We acquire and retain high-spending, engaged and creditworthy Card Members by designing innovative credit, charge and debit card products and payment and lending solutions that appeal to our target customer base and meet their spending and borrowing needs. We seek to provide attractive value propositions to Card Members in a number of different ways, including:

• providing incentives to drive spending on our various card products and increase customer engagement, including our Membership Rewards ® and Amex Offers ™ programs, cash-back reward features, statement credits for purchases with partners, interest rates offered on deposits and participation in loyalty programs sponsored by our cobrand and other partners;

• offering an array of benefits, services and experiences through our Membership Model, such as lounge access, dining experiences, entertainment and other travel-, lifestyle- and business-related benefits; and

• delivering on our brand attributes of trust, security and service, including by providing exceptional levels of customer care.

A key element of our Membership Model is our development of a wide range of partner relationships, including to design, cobrand and distribute certain of our cards and provide benefits, services and experiences to our Card Members. We also enhance the American Express Membership experience through a suite of digital applications and tools, such as the new Amex Travel App that we launched in 2025, which make it easier for our Card Members to engage with our products and benefits and improve their service experience.

We regularly refresh many of our card products, such as the 2025 refresh of our U.S. Consumer and Business Platinum cards, to enhance their value propositions, increase engagement with existing customers and attract new customers. We also have a number of products that complement our card products. We offer banking and financing products such as high yield savings, business and consumer checking accounts, consumer installment loans and lines of credit offered to small businesses. We also provide non-card business-to-business (B2B) payment products and cash and expense management solutions to our commercial clients, which we are enhancing through our 2025 acquisition of Center, an expense management software company. In addition, we provide Card Members with reservation capabilities and elevated dining experiences through our dining platform spanning our network of Resy ® and Tock ® restaurants and venues.

For the year ended December 31, 2025, worldwide billed business (spending on American Express cards issued by us) was $1,670 billion and as of December 31, 2025, we had 86.6 million proprietary cards-in-force worldwide. Jurisdictions that represent a significant portion of our billed business include the United States, the United Kingdom, the European Union, Australia, Japan, Canada and Mexico.

Table of Contents

Merchant Acquiring Business

Our GMNS reportable operating segment builds and manages relationships with millions of merchants around the world that choose to accept American Express cards. This includes signing new merchants to accept our cards, agreeing on the discount rate (a fee charged to the merchant for accepting our cards) and handling servicing for merchants. We also build and maintain relationships with merchant acquirers, processors and payment facilitators to manage aspects of our merchant services business. For example, through our OptBlue ® merchant-acquiring program, these third parties contract directly with small merchants for card acceptance on our network and determine merchant pricing. We continue to grow merchant acceptance of American Express cards around the world and work with merchant partners so that our Card Members are warmly welcomed and encouraged to spend in the millions of places where their American Express cards are accepted. We also seek to drive greater usage of the American Express network by deepening merchant engagement and increasing Card Member awareness through initiatives such as our Shop Small ® campaigns and expanding our payment options such as through debit and B2B capabilities.

GMNS also provides fraud-prevention tools, marketing solutions, data analytics and other programs and services to merchants and other partners that leverage the capabilities of our integrated payments platform.

Card Network Business

We operate a payments network that processes and settles transactions across the globe. To enhance and extend the reach of our global network and broaden our customer base, we establish and maintain relationships with third-party banks and other institutions in approximately 110 countries and territories through our card network business. These network partners are licensed to issue American Express-branded cards in their countries and/or serve as the merchant acquirer for local merchants on our network.

For the year ended December 31, 2025, worldwide processed volume (spending on American Express cards issued by third parties as well as alternative payment solutions facilitated by American Express) was $227.2 billion and as of December 31, 2025, we had 66.2 million cards-in-force issued by third parties worldwide.

Diverse Customer Base and Global Footprint

The following chart provides a summary of our diverse set of customers and broad geographic footprint based on worldwide network volumes:

Table of Contents

Partners and Relationships

Our integrated payments platform allows us to work with a range of business partners, and our partners in return help drive the scale and relevance of the platform.

There are many examples of how we work with partners, including: issuing cards under cobrand arrangements with other corporations and institutions (e.g., Delta Air Lines (Delta), Marriott International, British Airways and Hilton Worldwide Holdings); providing greater value to our Card Members (e.g., Amex Offers and statement credits for purchases with partners); offering innovative ways for our Card Members to earn and use points with our merchants (e.g., Pay with Points at Amazon.com); expanding merchant acceptance with third-party acquirers and processors (e.g., OptBlue program participants); offering access to payment technologies, marketing solutions and brand assets for cards issued by third-party banks, financial technology companies and other institutions on the American Express network (e.g., cards offered by Coinbase and Credit Saison); integrating into expense management processes of our business customers (e.g., Emburse and SAP Concur); enhancing our travel and lifestyle benefits and services (e.g., Fine Hotels and Resorts ® ); and providing experiences and entertainment for Card Members (e.g., via Formula 1 and AEG Worldwide). We also have an equity investment in, and commercial arrangements with, Global Business Travel Group, Inc. (GBTG), which provides business travel-related services.

Delta is our largest strategic partner. Our relationships with, and revenues and expenses related to, Delta are significant and represent an important source of value for our Card Members. We issue cards under cobrand arrangements with Delta and the Delta cobrand portfolio continued to represent approximately 13 percent of worldwide billed business and approximately 21 percent of worldwide Card Member loans as of December 31, 2025. The Delta cobrand portfolio generates fee revenue and interest income from Card Members and discount revenue from Delta and other merchants for spending on Delta cobrand cards. The current Delta cobrand agreement runs through the end of 2029 and we expect to continue to make significant investments in this partnership. Among other things, Delta is also a key participant in our Membership Rewards program, provides travel-related benefits and services, including airport lounge access for certain American Express Card Members, accepts American Express cards as a merchant and is a corporate payments customer.

Working with all of our partners, we seek to provide value, choice and unique experiences across our customer base.

Our Premium Customer Base, Revenue Mix and Membership Model

We seek to attract premium, high-spending and high-credit-quality customers and our business model focuses on generating revenues primarily by driving spending on our cards and secondarily through finance charges and fees. Spending on our cards, which is higher on average on a per-card basis versus our network competitors, offers superior value to merchants in the form of loyal customers and larger transactions, and attracts partners to provide value to our Card Members and merchants. We also aim to meet the borrowing needs of our customers through a variety of card and non-card financing products, and we charge an annual fee on many of our card products, which helps support the value offered on those products. Because of the spend, lend and fee revenues we generate, we are able to invest in our Membership Model, which provides attractive rewards and other benefits for Card Members, as well as in marketing and payment solutions for merchants. This attracts new Card Members and creates incentives for Card Members to spend more on their cards, attracts merchants and partners to provide additional value to our Membership Model and positively differentiates American Express cards.

The American Express Brand and Service Excellence

Our brand and its attributes—trust, security and service—are key assets. We invest heavily in managing, marketing, promoting and protecting our brand, including through the delivery of our products and services in a manner consistent with our brand promise. The American Express brand is ranked among the most valuable brands in the world. We place significant importance on trademarks, service marks and patents, and seek to secure our intellectual property rights around the world.

We aim to provide the world’s best customer experience every day and our reputation for world-class service has been recognized by numerous awards over the years. Our customer care professionals, travel consultants and partners treat servicing interactions as an opportunity to bring the brand to life for our customers, add meaningful value and deepen relationships. We also utilize technology to provide customers with a range of servicing channels and tools designed to meet their preferences and enhance their service experience.

Table of Contents

Our Business Strategies

We seek to grow our business by focusing on five strategic imperatives:

First, we aim to expand our leadership in the premium consumer space by continuing to deliver membership benefits that span our customers’ everyday spending, borrowing, travel and lifestyle needs, expanding our roster of business partners around the globe and developing a range of experiences that attract high-spending customers.

Second, we seek to build on our strong position in commercial payments by evolving our card value propositions, further differentiating our corporate card and accounts payable expense management solutions and designing innovative products and features, including financing, banking and payment solutions for our business customers.

Third, we are focused on strengthening our global, integrated network by continuing to increase merchant acceptance, providing merchants with fraud protection services, marketing insights and connections to higher-spending Card Members and working with our network partners to offer expanded products and services.

Fourth, we want to continue to build on our unique global position, seeking ways to use our differentiated business model and global presence as we progress against our other strategic imperatives.

Finally, we seek to reimagine our customer and colleague experiences to drive innovation, improve productivity and efficiency and enhance customer satisfaction. We added this fifth strategic imperative as technology is transforming how we work and changing our customers’ expectations.

Table of Contents

Our Colleagues

Our colleagues are integral to executing our business strategies and to our overall success. As of December 31, 2025, we employed approximately 76,800 people, whom we refer to as colleagues, with approximately 25,900 colleagues in the United States and approximately 50,900 colleagues outside the United States.

We conduct an annual Colleague Experience Survey for colleagues to share their feedback about the work environment and culture at American Express, which helps us better understand colleague sentiment across several aspects of their experience including leadership, engagement, work life, risk and controls, career development and well-being. In 2025, 91 percent of colleagues who participated in the survey said they would recommend American Express as a great place to work.

At the heart of our workplace culture are our Blue Box Values, which are a set of guiding principles that serve as the foundation for how we operate as a company and lead. We believe that maintaining our strong culture, adhering to our Blue Box Values and ensuring that our people feel respected, valued, recognized and backed helps us attract, develop and engage the right talent for American Express’ success.

We support our colleagues with competitive total compensation packages, holistic well-being programs and opportunities for career growth and development to attract and retain top talent.

Competitive Total Compensation . Our compensation programs seek to recognize colleagues for their contributions, leadership and impact, and every colleague has the opportunity to share in American Express’ success. In addition, maintaining pay equity is an important part of our compensation philosophy and is reviewed annually to ensure colleagues are compensated fairly, based on key factors such as tenure, role, level, geography, merit and performance.

Holistic Well-Being . We also provide leading benefits and take a holistic approach to well-being, providing resources that address the physical, financial and mental health of our colleagues. We support our colleagues’ physical health and well-being through our corporate wellness program, Healthy Living, which highlights the importance of preventive care, encourages and rewards healthy actions, and delivers practical and accessible resources that promote a healthy lifestyle. We also offer resources and support for our colleagues’ mental health through our Healthy Minds Program, which provides colleagues and their household members with access to free counseling and a personalized health concierge service, and aims to increase mental health awareness across American Express. Our financial well-being program, Smart Saving, provides tools and resources to help colleagues build their financial knowledge and skills for all life stages.

Career Growth & Development . We provide colleagues at all levels with access to a wide variety of resources to support their ongoing career growth and leadership development. We start with opportunities for colleagues to learn on the job, build cross-functional skills and grow in their careers through a defined, collaborative process for performance management. Colleagues have access to a number of other resources, such as career coaching, mentoring, professional networking and rotation opportunities, as well as courses on-demand and with classroom-style instruction. To help support a culture of conduct and risk management, we also require colleagues undergo trainings on laws, regulations and policies applicable to them and American Express.

Table of Contents

Information About Our Executive Officers

Set forth below, in alphabetical order, is a list of our executive officers as of February 6, 2026, including each executive officer’s principal occupation and employment during the past five years. None of our executive officers has any family relationship with any other executive officer, and none of our executive officers became an officer pursuant to any arrangement or understanding with any other person. Each executive officer has been elected to serve until the next annual election of officers or until his or her successor is elected and qualified. Each officer’s age is indicated by the number in parentheses next to his or her name.

DOUGLAS E. BUCKMINSTER —

Vice Chairman

Mr. Buckminster (65) has been Vice Chairman since April 2021. Prior thereto, he had been Group President, Global Consumer Services Group since February 2018.

HOWARD GROSFIELD —

Group President, U.S. Consumer Services

Mr. Grosfield (57) has been Group President, U.S. Consumer Services since February 2025. Prior thereto, he had been President, U.S. Consumer Services since May 2022, Executive Vice President and General Manager of U.S. Consumer Marketing and Global Premium Services since February 2021 and Executive Vice President and General Manager of U.S. Consumer Marketing Services from January 2016 to February 2021.

MONIQUE R. HERENA —

Chief Colleague Experience Officer

Ms. Herena (54) has been Chief Colleague Experience Officer since April 2019.

RAYMOND JOABAR —

Group President, Global Commercial Services

Mr. Joabar (60) has been Group President, Global Commercial Services since February 2025. Prior thereto, he had been Group President, Global Merchant and Network Services since April 2021 and President, Global Risk and Compliance and Chief Risk Officer since September 2019.

CHRISTOPHE Y. LE CAILLEC —

Chief Financial Officer

Mr. Le Caillec (60) has been Chief Financial Officer (CFO) since August 2023. Prior thereto, he had been Deputy CFO since December 2021 and Head of Corporate Planning since February 2019.

RAFAEL MARQUEZ —

President, International Card Services

Mr. Marquez (54) has been President, International Card Services since May 2022. Prior thereto, he had been President, International Consumer Services and Global Loyalty Coalition since September 2019.

ANNA MARRS —

Group President, Global Merchant and Network Services

Ms. Marrs (52) has been Group President, Global Merchant and Network Services since February 2025. Prior thereto, she had been Group President, Global Commercial Services and Credit & Fraud Risk since April 2021 and President, Global Commercial Services since September 2018.

GLENDA MCNEAL —

Chief Partner Officer

Ms. McNeal (65) has been Chief Partner Officer since February 2024. Prior thereto, she had been President, Enterprise Strategic Partnerships since March 2017.

DENISE PICKETT —

President, Enterprise Shared Services

Ms. Pickett (60) has been President, Enterprise Shared Services since February 2025. Prior thereto, she had been President, Global Services Group since September 2019.

Table of Contents

RAVI RADHAKRISHNAN —

Chief Information Officer

Mr. Radhakrishnan (54) has been Chief Information Officer since January 2022. Mr. Radhakrishnan joined American Express from Wells Fargo & Company, where he served as Chief Information Officer for the Commercial Banking and Corporate & Investment Banking businesses since May 2020.

ELIZABETH RUTLEDGE —

Chief Marketing Officer

Ms. Rutledge (64) has been Chief Marketing Officer since February 2018.

LAUREEN E. SEEGER —

Chief Legal Officer

Ms. Seeger (64) has been Chief Legal Officer since July 2014.

JENNIFER SKYLER —

Chief Corporate Affairs Officer

Ms. Skyler (49) has been Chief Corporate Affairs Officer since October 2019.

STEPHEN J. SQUERI —

Chairman and Chief Executive Officer

Mr. Squeri (66) has been Chairman and Chief Executive Officer since February 2018.

DOUGLAS TABISH —

Chief Risk Officer

Mr. Tabish (56) has been Chief Risk Officer since April 2024. Prior thereto, he had been Executive Vice President and General Manager of Global Card & Risk Operations since January 2020.

Table of Contents

COMPETITION

We compete in the global payments industry with networks, issuers, acquirers and other payment service providers and methods of payment, including paper-based transactions (e.g., cash and checks) and electronic transfers (e.g., wire transfers and Automated Clearing House (ACH)), as well as evolving and growing alternative mechanisms, systems and products that leverage new technologies, business models and customer relationships to create payment, financing or banking solutions. The payments industry continues to undergo changes in response to evolving technologies, business dynamics and competition for premium customers.

As a card issuer, we compete with financial institutions that issue general-purpose credit and debit cards, as well as businesses that issue private label cards, operate mobile wallets, provide payment services or extend credit. We face intense competition in the premium space and for cobrand relationships, as both card issuer and network competitors have targeted high-spending customers and key business partners with attractive value propositions. For example, there is heightened competition with respect to several aspects of our Card Member value propositions, such as in partnerships and other differentiated offerings (e.g., lounge space in U.S. and global hub airports, dining experiences and other experiential offerings). Our banking products also face strong competition, such as with respect to the rates offered on deposits.

Our global card network competes in the global payments industry with other card networks, including, among others, Visa, China UnionPay, Mastercard, JCB, Discover and Diners Club International (the last two of which are owned by Capital One). We are the fourth largest general-purpose card network globally based on purchase volume, behind Visa, China UnionPay and Mastercard. In addition to such networks, we compete against a range of companies globally, including merchant acquirers, processors, payment facilitators and web- and mobile-based payment platforms (e.g., Alipay, PayPal and Shop Pay), as well as regional payment networks (such as the National Payments Corporation of India).

The principal competitive factors that affect card-issuing, merchant and network businesses include:

• The features, value and quality of the products and services, including customer care, rewards programs and offers, partnerships, travel-, lifestyle- and business-related benefits (including lounges, dining and other entertainment, as well as business tools), banking services and digital and mobile services, as well as the costs associated with providing such features and services

• Reputation and brand recognition

• The number, spending characteristics and credit performance of customers

• The quantity, diversity and quality of the establishments where the cards can be used

• The attractiveness of the value proposition to cardholders, corporate clients, merchants, merchant acquirers, card issuers and processors, payment facilitators and other payment intermediaries (including the relative cost and ease of using or accepting the products and services, and capabilities such as fraud prevention and data analytics)

• The number, quality and cost of other cards and other forms of payment and financing available to customers, as well as the integration and connectivity of those products

• The security of cardholder, merchant and network partner information

• The success of marketing and promotional campaigns

• The speed of innovation and investment in systems, technologies and product and service offerings

• The nature and quality of expense management tools, electronic payment methods and data capture and reporting capabilities, particularly for business customers

Table of Contents

Another aspect of competition is the dynamic and rapid growth of alternative payment and financing mechanisms, systems and products, which include payment facilitators and processors, digital payment, open banking and electronic wallet platforms, point-of-sale lenders and buy now, pay later products, real-time settlement and processing systems, financial technology companies, digital currencies developed by both the private sector and central banks, tokenization, blockchain and similar distributed ledger technologies, prepaid systems and gift cards, and systems linked to customer accounts or that provide payment solutions. The development of agentic commerce solutions, in which autonomous or semi-autonomous AI agents initiate and execute transactions on behalf of users, has accelerated as generative AI technologies have advanced and become more popular. In addition, the use of stablecoins, which can be used for payments in a number of settings, including in e-commerce and cross-border and B2B payments, has grown. The integration of these and other new or evolving technologies has the potential to create new or better competitor products, alter the competitive environment and reshape customer payment experiences, including in ways that disintermediate our relationship with customers. Furthermore, the business models and cost structures of competitors in these areas may differ from ours, such as those of certain financial technology companies, which can provide them with a number of advantages, including differing revenue streams, lower costs, greater scale or ability to pursue and adopt new technologies and less stringent regulatory requirements, and may enable them to disintermediate us from our customers. Additionally, various competitors are integrating more financial services into their product offerings and seeking to attain the benefits of an integrated payments platform, such as ours.

In addition to the discussion in this section, see “ Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry ” under “Risk Factors” for further discussion of the potential impact of competition on our business, and “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” and “ Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand ” under “Risk Factors” for a discussion of the potential impact on our ability to compete effectively due to government regulations or if ongoing legal proceedings limit our ability to prevent merchants from engaging in various actions that discriminate against our card products.

Table of Contents

SUPERVISION AND REGULATION

Overview

We are subject to evolving and extensive government regulation and supervision in jurisdictions around the world, and the costs of ongoing compliance are substantial. The financial services industry is subject to rigorous scrutiny, high regulatory expectations, a range of regulations and a stringent and unpredictable enforcement environment.

Governmental authorities have focused, and we believe will continue to focus, considerable attention on reviewing compliance by financial services firms and payment systems with laws and regulations, and as a result, we continually work to evolve and improve our risk management framework, governance structures, practices and procedures. Reviews by us and governmental authorities to assess compliance with laws and regulations, as well as our own internal reviews to assess compliance with internal policies, including errors or misconduct by colleagues or third parties or control failures, have resulted in, and are likely to continue to result in, changes to our products, practices and procedures, restitution to our customers and increased costs related to regulatory oversight, supervision and examination. We have also been subject to regulatory actions and may continue to be the subject of such actions, including governmental inquiries, investigations, enforcement proceedings and the imposition of fines or civil money penalties, in the event of noncompliance or alleged noncompliance with laws or regulations.

Policymakers around the world continue to propose and adopt new and increasingly complex laws and regulations governing a wide variety of issues that may impact our business or change our operating environment in substantial and unpredictable ways. For example, legislators and regulators in various countries in which we operate have focused on the offering of consumer financial products and the operation of payment networks, resulting in changes to certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, the establishment of broad and ongoing regulatory oversight regimes.

The following discussion summarizes elements of the extensive regulatory environment in which we operate; it does not purport to be complete or to describe all of the laws or regulations to which we are subject or all possible or proposed changes in laws or regulations that may become applicable to us. See “Operational and Compliance Risks” under “Risk Factors” for a discussion of the potential impact that changes in applicable law or regulation, and in their interpretation and application by regulatory agencies and other governmental authorities, may have on our business, results of operations and financial condition.

Banking Regulation

American Express entities are subject to banking regulation in the United States and in certain jurisdictions internationally. U.S. federal and state banking laws, regulations and policies extensively regulate the Company, TRS and our U.S. bank subsidiary, American Express National Bank (AENB). For purposes of this Supervision and Regulation section, the “Company” refers only to American Express Company, a bank holding company, and does not include its subsidiaries. Both the Company and TRS are subject to comprehensive consolidated supervision, regulation and examination by the Federal Reserve and AENB is supervised, regulated and examined by the Office of the Comptroller of the Currency (OCC) and with respect to certain matters by the Federal Deposit Insurance Corporation (FDIC). The Company and its subsidiaries are also subject to the rulemaking, enforcement and examination authority of the Consumer Financial Protection Bureau (CFPB). Banking regulators have broad examination and enforcement powers, including the power to impose substantial fines, limit dividends and other capital distributions, restrict operations and acquisitions and require divestitures, any of which could compromise our competitive position. Many aspects of our business also are subject to rigorous regulation by other U.S. federal and state regulatory agencies and by non-U.S. government agencies and regulatory bodies. For example, non-U.S. regulators supervising our international regulated financial institutions use many of the same principles of regulation and supervision that are used by U.S. federal bank regulators.

Table of Contents

Activities

The BHC Act generally limits bank holding companies to activities that are considered to be banking activities and certain closely related activities. As noted above, each of the Company and TRS is a bank holding company and each has elected to become a financial holding company, which is authorized to engage in a broader range of financial and related activities. In order to remain eligible for financial holding company status, the Company and TRS must meet certain eligibility requirements. Those requirements include that each of the Company and AENB must be “well capitalized” and “well managed,” and AENB must have received at least a “satisfactory” rating on its most recent assessment under the Community Reinvestment Act of 1977 (the CRA). The Company, TRS and their subsidiaries engage in various activities permissible only for financial holding companies, including, in particular, providing travel agency services, acting as a finder and engaging in certain insurance underwriting and agency services. If the Company fails to meet eligibility requirements for financial holding company status, it and its subsidiaries are likely to be barred from engaging in new types of financial activities or making certain types of acquisitions or investments in reliance on its status as a financial holding company, and ultimately could be required to either discontinue the broader range of activities permitted to financial holding companies or divest AENB. In addition, the Company and its subsidiaries are prohibited by law from engaging in practices that regulatory authorities deem unsafe or unsound (which such authorities generally interpret broadly) and regulatory authorities have discretion in determining whether new or modified activities can be conducted in a safe and sound manner.

Acquisitions and Investments

Applicable federal and state laws place limitations on the ability of persons to invest in or acquire control of us without providing notice to or obtaining the approval of one or more of our regulators. In addition, we are subject to banking laws and regulations that limit our investments and acquisitions and, in some cases, subject them to the prior review and approval of our regulators, including the Federal Reserve and the OCC. Federal banking regulators have broad discretion in evaluating proposed acquisitions and investments that are subject to their prior review or approval.

Enhanced Prudential Standards

The Company is subject to the U.S. federal bank regulatory agencies’ rules that tailor the application of enhanced prudential standards to bank holding companies and depository institutions with $100 billion or more in total consolidated assets. Under these rules, each such bank holding company is assigned to one of four categories based on its status as a U.S. global systemically important banking organization and five other risk-based indicators: (i) total assets, (ii) cross-jurisdictional activity, (iii) non-bank assets, (iv) off-balance sheet exposure, and (v) weighted short-term wholesale funding, with the most stringent requirements applying to Category I firms and the least stringent requirements applying to Category IV firms. Under these rules, the Company has been a Category III firm since 2024 as a result of the Company’s total consolidated assets exceeding $250 billion. Category III firms are subject to heightened capital, liquidity and prudential requirements, single-counterparty credit limits and additional stress tests, which in some cases are subject to a transition period. AENB, as a depository institution subsidiary of a Category III firm, is also subject to certain enhanced prudential standards under these tailoring rules as described below.

Further changes in the levels of the risk-based indicators described above, such as if we have $75 billion or more in cross-jurisdictional activity (based on a four-quarter trailing average), could result in the Company becoming a Category II firm and subject to more stringent capital, liquidity and prudential requirements. Our cross-jurisdictional activity was $76 billion as of December 31, 2025, and the four-quarter trailing average was $73 billion.

Capital and Liquidity Regulation

Capital Rules

The Company and AENB are required to comply with the applicable capital adequacy rules established by federal banking regulators. These rules are intended to ensure that bank holding companies and depository institutions (collectively, banking organizations) have adequate capital given their level of assets and off-balance sheet obligations. The federal banking regulators’ current capital rules (the Capital Rules) implement the Basel Committee on Banking Supervision’s (the Basel Committee) framework for strengthening international capital regulation, known as Basel III. For additional information regarding our capital ratios, see “Consolidated Capital Resources and Liquidity” under “MD&A.”

Table of Contents

Under the Capital Rules, banking organizations are required to maintain minimum ratios for Common Equity Tier 1 (CET1 capital), Tier 1 capital (that is, CET1 capital plus additional Tier 1 capital) and Total capital (that is, Tier 1 capital plus Tier 2 capital) to risk-weighted assets. We report our capital adequacy ratios using risk-weighted assets calculated under the standardized approach. Category III firms such as the Company are not subject to the advanced approaches capital requirements, whereas Category II firms are subject to the advanced approaches capital requirements under current capital rules, which introduce additional complexities in the methodologies used to calculate risk-weighted assets for purposes of determining capital adequacy ratios.

In 2017, the Basel Committee published standards that, among other things, revise the standardized approach for credit risk (including by recalibrating risk weights and introducing additional capital requirements for certain “unconditionally cancellable commitments” such as unused credit card lines of credit) and provide a new standardized calculation for operational risk capital requirements. In 2023, the U.S. federal bank regulatory agencies issued a notice of proposed rulemaking to implement and supplement the Basel Committee standards, which would have significantly revised U.S. regulatory capital requirements for large banking organizations, including the Company and AENB. The U.S. federal bank regulatory agencies have subsequently indicated that they intend to work on a revised proposal; however, any future rulemaking with respect to the Basel Committee standards remains uncertain. The ultimate impact of any such rulemaking will depend on a number of factors, including the content of the final rulemaking, future minimum regulatory requirements and management decisions regarding our product constructs, capital distributions and target capital levels, and such rulemaking could result in significantly higher regulatory capital requirements for the Company and AENB.

The Company and AENB must each maintain CET1 capital, Tier 1 capital and Total capital ratios of at least 4.5 percent, 6.0 percent and 8.0 percent, respectively. On top of these minimum capital ratios, the Company is subject to a dynamic stress capital buffer (SCB) composed entirely of CET1 capital with a floor of 2.5 percent and AENB is subject to a static 2.5 percent capital conservation buffer (CCB). The SCB equals (i) the difference between a bank holding company’s starting and minimum projected CET1 capital ratios under the supervisory severely adverse scenario under the Federal Reserve’s stress tests described below, plus (ii) one year of planned common stock dividends as a percentage of risk-weighted assets. The required minimum capital ratios for the Company may be further increased by a countercyclical capital buffer of up to an additional 2.5 percent of risk-weighted assets, if enacted by the Federal Reserve, which must be held in the form of CET1 capital. The countercyclical capital buffer is currently set at zero percent; however it could change in the future. If the Federal Reserve were to raise the countercyclical capital buffer, covered banking organizations such as the Company would generally have 12 months after the announcement of such increase to meet the increased buffer requirement, unless the Federal Reserve sets an earlier effective date.

On August 29, 2025, the Federal Reserve confirmed the SCB for the Company of 2.5 percent, which remained unchanged from the level announced in August 2024. As a result, the effective minimum ratios for the Company (taking into account the SCB requirement) and AENB (taking into account the CCB requirement) are 7.0 percent, 8.5 percent and 10.5 percent for the CET1 capital, Tier 1 capital and Total capital ratios, respectively. Banking organizations with ratios of CET1 capital, Tier 1 capital or Total capital to risk-weighted assets below these effective minimum ratios face constraints on discretionary distributions such as dividends, repurchases and redemptions of capital securities and executive compensation. A bank holding company’s SCB requirement is effective on October 1 of each year and will remain in effect through September 30 of the following year unless it is reset in connection with resubmission of a capital plan, as discussed below.

On April 17, 2025, the Federal Reserve issued a notice of proposed rulemaking that would make certain changes to the SCB calculation for Category I to III firms such as the Company, including (i) using the average of the maximum CET1 declines projected in each of the two most recent annual supervisory stress tests to determine a firm’s SCB, while retaining the 2.5 percent floor; and (ii) moving the effective date of the stress capital buffer requirement in a given year from October 1 to January 1.

The Company is also required to comply with minimum leverage ratio requirements. The leverage ratio is the ratio of a banking organization’s Tier 1 capital to its average total consolidated assets (as defined for regulatory purposes). The Company is also subject to a minimum supplementary leverage ratio, which is the ratio of Tier 1 capital to an expanded concept of leverage exposure that takes into account both on‐balance sheet assets and certain off‐balance sheet exposures. All banking organizations are required to maintain a leverage ratio of at least 4.0 percent, and Category III banking organizations such as the Company are required to maintain a minimum supplementary leverage ratio of 3.0 percent.

Table of Contents

Liquidity Regulation

The Company and AENB are subject to two standards for liquidity risk supervision as implemented by the Federal Reserve and OCC: the minimum liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR). The LCR is designed to ensure that a banking entity maintains an adequate level of unencumbered high-quality liquid assets to meet its liquidity needs for a 30-day time horizon under an acute liquidity stress scenario specified by supervisors. The LCR measures the ratio of a firm’s high-quality liquid assets to its projected net outflows. The NSFR requires a minimum amount of longer-term funding sources based on the assets, commitments and derivative exposures of banking entities. As a Category III firm with less than $75 billion in weighted short-term wholesale funding, the Company, and its depository institution subsidiary, AENB, are required to calculate the LCR and NSFR on a daily basis, with total net cash outflows and required stable funding, respectively, multiplied by an adjustment of 85 percent. The Company is required to make public disclosures related to its LCR on a quarterly basis beginning with respect to the first quarter of 2026 and NSFR on a semi-annual basis beginning with respect to the first and second quarters of 2026. Category II firms and their depository institution subsidiaries are subject to the full requirements of the LCR and NSFR, as well as a requirement to submit a liquidity monitoring report on a daily (rather than monthly) basis.

In addition, the Federal Reserve’s enhanced prudential standards rule includes heightened liquidity and risk management requirements. The rule requires the maintenance of a liquidity buffer, consisting of highly liquid assets, that is sufficient to meet projected net outflows for 30 days over a range of liquidity stress scenarios. In contrast to the LCR, which is a standardized approach, the liquidity buffer requirement is calculated based on the Company’s own models.

Stress Testing and Capital Planning

Under the Federal Reserve’s regulations, the Company is subject to annual supervisory stress testing requirements and biennial company-run stress testing requirements (commonly referred to as Dodd-Frank Act Stress Tests or “DFASTs”) that are designed to evaluate whether a bank holding company has sufficient capital on a total consolidated basis to absorb losses and support operations under adverse economic conditions. Category II firms are required to conduct DFASTs on an annual rather than biennial basis.

As part of the Comprehensive Capital Analysis and Review (CCAR), the Federal Reserve uses pro-forma capital positions and ratios under stress scenarios to determine the size of the SCB for each CCAR participating firm. The Company is required to develop and submit to the Federal Reserve an annual capital plan and stress testing results on or before April 5 of each year.

The Company may be required to revise and resubmit its capital plan following certain events or developments, such as a significant acquisition or an event that could result in a material change in its risk profile or financial condition. If the Company is required to resubmit its capital plan, it must receive prior approval from the Federal Reserve for any capital distributions (including common stock dividend payments and share repurchases), other than a capital distribution on a newly issued capital instrument.

Dividends and Other Capital Distributions

The Company and TRS, as well as AENB and the Company’s insurance and other regulated subsidiaries, are limited in their ability to pay dividends by statutes, regulations and supervisory policy.

Common stock dividend payments and share repurchases by the Company are subject to the oversight of the Federal Reserve and the outcome of the annual CCAR stress testing exercise, as described above. The Company will be subject to limitations and restrictions on capital distributions if, among other things, (i) the Company’s regulatory capital ratios do not satisfy applicable minimum requirements and buffers or (ii) the Company is required to resubmit its capital plan.

In general, federal laws and regulations prohibit, without first obtaining the OCC’s approval, AENB from making dividend distributions to TRS, if such distributions are not paid out of available recent earnings or would cause AENB to fail to meet capital adequacy standards. In addition to specific limitations on the dividends AENB can pay to TRS, federal banking regulators have authority to prohibit or limit the payment of a dividend if, in the banking regulator’s opinion, payment of a dividend would constitute an unsafe or unsound practice in light of the financial condition of the institution.

Prompt Corrective Action

The Federal Deposit Insurance Act (FDIA) requires, among other things, that federal banking regulators take prompt corrective action in respect of depository institutions insured by the FDIC (such as AENB) that do not meet minimum capital requirements. The FDIA establishes five capital categories for FDIC-insured banks: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. The FDIA imposes progressively more restrictive constraints on operations, management and capital distributions, depending on the capital category in which an institution is classified. In order to be considered “well capitalized,” AENB must maintain CET1 capital, Tier 1 capital, Total capital and Tier 1 leverage ratios of 6.5 percent, 8.0 percent, 10.0 percent and 5.0 percent, respectively.

Table of Contents

Under the FDIA, AENB could be prohibited from accepting brokered deposits (i.e., deposits raised through third-party brokerage networks) or offering interest rates on any deposits significantly higher than the prevailing rate in its normal market area or nationally (depending upon where the deposits are solicited), unless (1) it is well capitalized or (2) it is adequately capitalized and receives a waiver from the FDIC. A portion of our outstanding U.S. retail deposits are considered brokered deposits for bank regulatory purposes. If a federal regulator determines that we are in an unsafe or unsound condition or that we are engaging in unsafe or unsound banking practices, the regulator may reclassify our capital category or otherwise place restrictions on our ability to accept or solicit brokered deposits.

Resolution Planning

Certain bank holding companies are required to submit resolution plans to the Federal Reserve and FDIC providing for the company’s strategy for rapid and orderly resolution in the event of its material financial distress or failure. As a Category III firm, the Company is required to submit a holding company resolution plan every three years, with submissions alternating between a full plan and a plan targeted on certain areas or subjects identified by the Federal Reserve and the FDIC. The Company submitted its most recent holding company resolution plan in 2025. If the Federal Reserve and the FDIC determine that the Company’s plan is not credible and we fail to cure the deficiencies, we may be subject to more stringent capital, leverage or liquidity requirements; may be subject to more restrictions on our growth, activities or operations; or may ultimately be required to divest certain assets or operations to facilitate an orderly resolution.

AENB continues to be required to prepare and provide a separate resolution plan to the FDIC that would enable the FDIC, as receiver, to effectively resolve AENB under the FDIA in the event of failure. In 2024, the FDIC issued a final rule revising its resolution plan requirements for insured depository institutions, which requires certain insured depository institutions with $100 billion or more in assets, including AENB, to submit full resolution plans every three years with interim supplements in non-submission years. AENB submitted its initial interim supplement in 2025 and will be required to submit its initial resolution plan under the final rule on or before July 1, 2026.

Orderly Liquidation Authority

The Company could become subject to the Orderly Liquidation Authority (OLA), a resolution regime under which the Treasury Secretary may appoint the FDIC as receiver to liquidate a systemically important financial institution, if the Company is in danger of default and is determined to present a systemic risk to U.S. financial stability. As under the FDIC resolution model, under the OLA, the FDIC has broad power as receiver. Substantial differences exist, however, between the OLA and the U.S. Bankruptcy Code, including the right of the FDIC under the OLA to disregard the strict priority of creditor claims in limited circumstances, the use of an administrative claims procedure to determine creditor claims (as opposed to the judicial procedure used in bankruptcy proceedings), and the right of the FDIC to transfer claims to a “bridge” entity.

The FDIC has developed a strategy under OLA, referred to as the “single point of entry” or “SPOE” strategy, under which the FDIC would resolve a failed financial holding company by transferring its assets (including shares of its operating subsidiaries) and, potentially, very limited liabilities to a “bridge” holding company; utilize the resources of the failed financial holding company to recapitalize the operating subsidiaries; and satisfy the claims of unsecured creditors of the failed financial holding company and other claimants in the receivership by delivering securities of one or more new financial companies that would emerge from the bridge holding company. Under this strategy, management of the failed financial holding company would be replaced and its shareholders and creditors would bear the losses resulting from the failure.

FDIC Powers upon Insolvency of AENB

If the FDIC is appointed the conservator or receiver of AENB, the FDIC has the power to: (1) transfer any of AENB’s assets and liabilities to a new obligor without the approval of AENB’s creditors; (2) enforce the terms of AENB’s contracts pursuant to their terms; or (3) repudiate or disaffirm any contract or lease to which AENB is a party, the performance of which is determined by the FDIC to be burdensome and the disaffirmation or repudiation of which is determined by the FDIC to promote the orderly administration of AENB. In addition, the claims of holders of U.S. deposit liabilities and certain claims for administrative expenses of the FDIC against AENB would be afforded priority over other general unsecured claims against AENB, including claims of debt holders and depositors in non-U.S. offices, in the liquidation or other resolution of AENB. As a result, regardless of whether the FDIC ever sought to repudiate any debt obligations of AENB, the debt holders and depositors in non-U.S. offices would be treated differently from, and could receive substantially less, if anything, than the depositors in the U.S. offices of AENB.

Table of Contents

Other Banking Regulations

Source of Strength

The Company is required to act as a source of financial and managerial strength to its U.S. bank subsidiary, AENB, and may be required to commit capital and financial resources to support AENB. Such support may be required at times when, absent this requirement, the Company otherwise might determine not to provide it. Capital loans by the Company to AENB are subordinate in right of payment to deposits and to certain other indebtedness of AENB. In the event of the Company’s bankruptcy, any commitment by the Company to a federal banking regulator to maintain the capital of AENB will be assumed by the bankruptcy trustee and entitled to a priority of payment.

Transactions Between AENB and its Affiliates

Certain transactions (including loans and credit extensions from AENB) between AENB and its affiliates (including the Company, TRS and their other subsidiaries) are subject to quantitative and qualitative limitations, collateral requirements and other restrictions imposed by statute and regulation. Transactions subject to these restrictions are generally required to be made on an arm’s-length basis.

FDIC Deposit Insurance and Insurance Assessments

AENB accepts deposits that are insured by the FDIC up to the applicable limits. Under the FDIA, the FDIC may terminate the insurance of an institution’s deposits upon a finding that the institution has engaged in unsafe or unsound practices; is in an unsafe or unsound condition to continue operations; or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC. We do not know of any practice, condition or violation that would lead to termination of deposit insurance at AENB. The FDIC’s deposit insurance fund is funded by assessments on insured depository institutions, including AENB, which are subject to adjustment by the FDIC.

Community Reinvestment Act

AENB is subject to the CRA, which imposes affirmative, ongoing obligations on depository institutions to meet the credit needs of their local communities, including low- and moderate-income neighborhoods, consistent with the safe and sound operation of the institution. AENB is currently designated a “limited purpose bank” under CRA regulations.

Consumer Financial Products Regulation

Our consumer-oriented activities are subject to regulation and supervision in the United States and internationally. In the United States, our marketing, sale and servicing of consumer financial products and our compliance with certain federal consumer financial laws are supervised and examined by the CFPB, which has broad rulemaking and enforcement authority over providers of credit, savings and payment services and products, and authority to prevent “unfair, deceptive or abusive” acts or practices. The CFPB has the authority to write regulations under federal consumer financial protection laws, to enforce those laws and to examine for compliance. It is also authorized to collect fines and require consumer restitution in the event of violations, engage in consumer financial education, track consumer complaints, request data and promote the availability of financial services to underserved consumers and communities. U.S. federal law also regulates abusive debt collection practices, which, along with bankruptcy and debtor relief laws, can affect our ability to collect amounts owed to us or subject us to regulatory scrutiny. In addition, a number of U.S. states have significant consumer credit protection, disclosure and other laws (in certain cases more stringent than U.S. federal laws). State regulators and state attorneys general may increase regulatory, investigative and enforcement activity with respect to consumer protection, including in response to changes in regulation, supervision and enforcement of consumer protection laws by federal regulators.

In 2024, the CFPB issued a final rule on personal financial data rights that requires financial institutions, including us, and other financial service providers (collectively referred to as data providers) to provide consumers and consumer-authorized third parties with access to consumers’ financial data in electronic form free of charge. In July 2025, a court granted the CFPB’s request to stay litigation challenging the final rule following the CFPB’s announcement that it would reexamine the final rule and in August 2025, the CFPB issued an advance notice of proposed rulemaking seeking input to inform its revisions to the final rule. While the impact of the CFPB’s rulemaking will depend upon the content of the final rule, this rulemaking and other open banking initiatives have the potential to change the competitive landscape, presenting challenges to our business model, such as limiting advantages provided by our integrated payments platform, as well as opportunities since we may also act as an authorized third party and receive data from data providers.

Table of Contents

We are also regulated in the United States under the “money transmitter” or “sale of check” laws in effect in most states. In addition, we are required by the laws of many states to comply with unclaimed and abandoned property laws, under which we must pay to states the face amount of any Travelers Cheque or prepaid card that is uncashed or unredeemed after a period of time depending on the type of product. Additionally, we are regulated under insurance laws in the United States and other countries where we offer insurance services. Our merchant acquiring business, and the third-party merchant acquirers, processors and payment facilitators with whom we have relationships, are also subject to certain aspects of regulation under consumer protection laws, such as by the Federal Trade Commission.

In countries outside the United States, regulators continue to focus on a number of key areas impacting our card-issuing businesses, particularly consumer protection (such as in the EU, the UK and Canada) and responsible lending (such as in Australia, Mexico, New Zealand and Singapore), with increasing importance on and attention to customers and outcomes rather than just ensuring compliance with local rules and regulations. For example, the Financial Conduct Authority’s Consumer Duty in the UK, among other things, requires firms to act to deliver “good outcomes” for retail customers with respect to products and services, price and value, consumer understanding and consumer support. Regulators’ expectations of firms in relation to their compliance, risk and control frameworks continue to increase and regulators are placing significant emphasis on a firm’s systems and controls relating to the identification and resolution of issues.

Payments Regulation

Legislators and regulators in various countries in which we operate have focused on the operation of card networks, including through enforcement actions, legislation and regulations to change certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, to establish broad regulatory regimes for payment systems.

Pricing for card acceptance, including interchange fees (that is, the fee paid by the bankcard merchant acquirer to the card issuer in payment networks like Visa and Mastercard), has been a focus of legislators and regulators in Australia, Canada, the EU, the United States and other jurisdictions. Recently, certain states in the United States have passed or are considering laws prohibiting interchange from being charged on all or certain components of transactions, such as sales tax and gratuities. Jurisdictions have also sought to regulate various other aspects of network operations and contract terms and practices governing merchant card acceptance, including information associated with electronic transactions, such as state legislation regarding the use of specific merchant categories codes or limiting the use of transaction data.

Regulation and other governmental actions relating to operations, pricing or practices could affect all networks and/or acquirers directly or indirectly, as well as adversely impact consumers and merchants. Among other things, regulation of bankcard fees has negatively impacted, and may continue to negatively impact, the discount revenue we earn, including as a result of downward pressure on our merchant discount rates from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend to certain aspects of our business, such as network and cobrand arrangements or the terms of card acceptance for merchants. For example, we exited our network business in the EU and Australia as a result of regulation in those jurisdictions. In addition, there is uncertainty as to when or how interchange fee caps and other provisions of the EU payments legislation might apply when we work with cobrand partners and agents in the EU. In 2018, the EU Court of Justice (CJEU) confirmed the validity of fee capping and other provisions in circumstances where three-party networks issue cards with a cobrand partner or through an agent, although its ruling provided only limited guidance as to when or how the provisions might apply in such circumstances and remains subject to differing interpretations by regulators and participants in cobrand arrangements. In 2024, the CJEU held a hearing on questions referred by the Dutch Trade and Industry Appeals Tribunal regarding the interpretation of the application of the interchange fee caps in connection with an administrative proceeding by the Netherlands Authority for Consumers and Markets regarding our cobrand relationship with KLM Royal Dutch Airlines. As a precursor to the CJEU’s final ruling, an advisory opinion was issued by the Advocate General in March 2025, advising the CJEU that our payments to the cobrand partner can be subject to the interchange fee caps but certain payments and services provided by the cobrand partner could potentially be netted against such payments for purposes of determining the capped amount. The advisory opinion is not binding on the CJEU and there can be no assurance as to the outcome of the proceeding. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. See “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” under “Risk Factors.”

Table of Contents

In various countries, such as certain Member States in the EU, Australia and Canada (other than in the Province of Quebec), merchants are permitted by law to surcharge card purchases. Certain jurisdictions are also reconsidering or may in the future reconsider their laws relating to surcharging, such as in Australia where the central bank released a consultation paper in July 2025 proposing to remove surcharging on designated card networks; however, the implementation and impact of any such proposals remain uncertain. In the United States, a number of state laws that prohibit surcharging have been overturned and certain states have passed or are considering laws to permit surcharging by merchants. In jurisdictions allowing surcharging, we have seen an increase in merchant surcharging on American Express cards, particularly in certain merchant categories. Surcharging is an adverse customer experience and could have a material adverse effect on us, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business. In addition, we also encounter steering or differential acceptance practices by merchants, which could also have a material adverse effect on us. See “ Surcharging, steering or other differential acceptance practices by merchants could materially adversely affect our business and results of operations ” under “Risk Factors.”

Central banks and other regulators have also established, or are seeking to establish, oversight over payment networks and other participants, including with respect to governance, risk management, resilience, transparency and access. For example, in November 2025, the Central Bank of Brazil issued a resolution which, among other things, will increase the responsibility of payment networks for the settlement of transactions on the network, including obligations in relation to issuer defaults, under revised network rules to be submitted by May 2026. Additionally, governments in some countries have established regulatory regimes that require international card networks to be locally licensed and/or to localize aspects of their operations. For example, the Reserve Bank of India, which has broad power under the Payment and Settlement Systems Act, 2007 to regulate the membership and operations of card networks, issued a mandate requiring payment systems operators in India to store certain payments data locally. In 2021, it imposed restrictions on American Express Banking Corp. from engaging in certain card issuing activities in India, which were lifted in 2022 following significant investment in technology, infrastructure and resources to comply with the regulation. The development and enforcement of these and other similar laws, regulations and policies heightens our exposure to third parties, increases costs and complexity of doing business and adversely affects our ability to compete effectively and maintain and extend our global network.

Privacy, Data Protection, Data Management, AI, Resiliency, Information Security and Cybersecurity

Regulatory and legislative activity in the areas of privacy, data protection, data management, AI, resiliency, information security and cybersecurity continues to increase worldwide. We have established, and continue to maintain, policies and a governance framework to comply with applicable laws and requirements in these areas, meet evolving customer and industry expectations and support and enable business innovation and growth; however, our policies and governance framework may not be sufficient given the size and complexity of our business and heightened regulatory scrutiny.

Our regulators are increasingly focused on ensuring that our privacy, data protection, data management, AI, resiliency, information security and cybersecurity-related policies and procedures are adequate to inform customers of our data collection, use, sharing, retention and/or security practices, to provide them with choices, if required, about how we use and share their information, and to appropriately safeguard their personal information and account access. Regulators are also focused on end-to-end management of data, technology infrastructure and architecture, technology operations, resiliency and business continuity, and third-party risk management policies and practices, with regulatory expectations continuing to increase as we grow in size. For example, the EU Digital Operational Resilience Act requires EU financial entities to have a comprehensive governance and risk management framework for information and communications technology risk. In addition, regulators and legislators have heightened their focus on the use of AI and machine learning (ML) through the application of existing laws and regulations as well as by adopting new laws and regulations, such as the EU AI Act and AI legislation in several U.S. states (e.g., in California, Colorado and Utah). These new and emerging laws and regulations are reshaping how we develop, deploy and manage AI systems, including by imposing new obligations related to data use, recordkeeping, transparency and human oversight.

In the United States, certain of our businesses are subject to the privacy, disclosure and safeguarding provisions of the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations and guidance. Among other things, GLBA imposes certain limitations on our ability to share consumers’ nonpublic personal information with nonaffiliated third parties and requires us to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the size and complexity of our business, the nature and scope of our activities and the sensitivity of customer information that we process. We also have expanded privacy-related obligations with respect to California residents who are not covered by GLBA, pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. Various regulators and other U.S. states and territories are considering similar requirements or have adopted laws, rules and regulations pertaining to privacy and/or information security and cybersecurity that may be more stringent and/or expansive than federal requirements.

Table of Contents

We are also subject to certain privacy, data protection, data management, AI, resiliency, information security and cybersecurity laws in other countries in which we operate, some of which are more stringent and/or expansive than those in the United States and may conflict with each other. The EU and UK General Data Protection Regulations (GDPR) impose legal and compliance obligations on companies that process personal data of individuals in the EU and UK, irrespective of the geographical location of the company, with the potential for significant fines for non-compliance (up to 4 percent of total annual worldwide revenue). The EU and UK GDPR also include requirements concerning the cross-border transfer of personal data and prompt notification of data breaches, in certain circumstances, to affected individuals and supervisory authorities. We are also subject to certain data protection laws in Member States in the EU, which may be more stringent than the EU GDPR. Other countries have also adopted or are considering similar omnibus privacy laws, including Australia, Brazil, Canada, China, India, Japan, the Philippines, Singapore, South Korea and Thailand. Certain countries also require in-country data processing and/or in-country storage of data or for us to provide foreign governments and other third parties broader access to our data and intellectual property. Data breach and operational outage notification laws or regulatory activities to encourage such notifications and regulatory activity and laws around resiliency, business continuity and third-party risk management are also becoming more prevalent in jurisdictions outside the United States in which we operate.

Our privacy and data protection programs have become the subject of heightened scrutiny and review in certain jurisdictions, including in the EU, and we continue to enhance our privacy program to comply with applicable requirements and regulatory expectations. Our compliance with the various and often diverging legal frameworks around privacy, data protection, AI, resiliency, information security and cybersecurity, as well as increased regulatory and legislative activity in these areas, may result in higher technology, administrative and other operational costs and hinder our ability to deploy and scale technology, innovate quickly and effectively utilize data.

Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption Compliance

We are subject to significant supervision and regulation, and an increasingly stringent enforcement environment, with respect to compliance with anti-money laundering (AML), countering the financing of terrorism (CFT), sanctions and anti-corruption laws and regulations. Failure to maintain and implement adequate programs and policies and procedures for AML/CFT, sanctions and anti-corruption compliance could have material financial, legal and reputational consequences. Additionally, our AML/CFT, sanctions and anti-corruption compliance programs may limit our ability to pursue certain business opportunities or affect our relationships with certain partners, service providers and other third parties.

Anti-Money Laundering and Countering the Financing of Terrorism

We are subject to a significant number of AML/CFT laws and regulations globally.

In the United States, the majority of AML/CFT requirements are derived from the Currency and Foreign Transactions Reporting Act and the accompanying regulations issued by the U.S. Department of the Treasury (collectively referred to as the Bank Secrecy Act), as amended by the USA PATRIOT Act of 2001. The Anti-Money Laundering Act of 2020 (the AMLA), enacted in January 2021, amended the Bank Secrecy Act and is intended to comprehensively reform and modernize U.S. AML/CFT laws. Many of the statutory provisions in the AMLA will require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance.

In Europe, AML/CFT requirements are largely the result of countries transposing the 5th and 6th EU Anti-Money Laundering Directives (and preceding EU Anti-Money Laundering Directives) into local laws and regulations. Numerous other countries have also enacted or proposed new or enhanced AML/CFT legislation and regulations applicable to American Express.

Among other things, these laws and regulations generally require us to establish AML/CFT programs that meet certain standards, including policies and procedures to collect information from and verify the identities of our customers, and to monitor for and report suspicious transactions, in addition to other information gathering and recordkeeping requirements. Our AML/CFT programs have become the subject of heightened scrutiny and we are working to make enhancements to our existing programs, policies and procedures and to identify and remediate deficiencies. Errors, failures or delays in complying with AML/CFT laws, deficiencies in our AML/CFT programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activity could give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions.

Table of Contents

Economic Sanctions

National governments and international bodies, such as the United Nations and the EU, have imposed economic sanctions against individuals, entities, vessels, governments, regions and countries that endanger their interests or violate international norms of behavior. Sanctions have been used to advance a range of foreign policy goals, including conflict resolution, counterterrorism, counternarcotics and promotion of democracy and human rights, among other national and international interests. We maintain a global sanctions compliance program designed to meet the requirements of applicable sanctions regimes. Failure to comply with such requirements could subject us to serious legal and reputational consequences, including criminal penalties.

The United States has imposed economic sanctions that affect transactions involving targeted jurisdictions, parties or activities. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers most U.S. sanctions. OFAC regulations prohibit U.S. persons from engaging in financial transactions with or relating to, or other dealings involving, a targeted individual, entity, vessel, government or country without a license or other authorization. OFAC regulations require U.S. persons to block property and property interests of parties on OFAC’s Specially Designated Nationals and Blocked Persons List and entities owned 50 percent or more by one or more Specially Designated Nationals. Blocked property (e.g., bank deposits or other financial assets) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Regulatory authorities in other international jurisdictions, such as the UK and Member States in the EU, administer similar programs to U.S. sanction programs.

Anti-Corruption

We are subject to complex anti-corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act (the FCPA), the UK Bribery Act and other laws that prohibit the making or offering of improper payments. The FCPA makes it illegal to corruptly offer or provide anything of value to foreign government officials, political parties or political party officials for the purpose of obtaining or retaining business or an improper advantage. The FCPA also requires us to strictly comply with certain accounting and internal controls standards. The UK Bribery Act also prohibits commercial bribery and the receipt of a bribe, and makes it a corporate offense to fail to prevent bribery by an associated person, in addition to prohibiting improper payments to foreign government officials. Failure by us or our colleagues, contractors or agents to comply with the FCPA, the UK Bribery Act and other similar laws can expose us and/or individual colleagues to investigation, prosecution and potentially severe criminal and civil penalties.

Compensation Practices

Our compensation practices are subject to oversight by the Federal Reserve and the OCC. The federal banking regulators’ guidance on sound incentive compensation practices sets forth three key principles for incentive compensation arrangements that are designed to help ensure that incentive compensation plans do not encourage imprudent risk-taking and are consistent with the safety and soundness of banking organizations. The three principles provide that a banking organization’s incentive compensation arrangements should (1) provide incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks, (2) be compatible with effective internal controls and risk management and (3) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors. Any deficiencies in our compensation practices that are identified by the banking regulators in connection with their review of our compensation practices may be incorporated into our supervisory ratings, which can affect our ability to make acquisitions or perform other actions. Enforcement actions may be taken against us if our incentive compensation arrangements or related risk-management control or governance processes are determined to pose a risk to our safety and soundness, and we have not taken prompt and effective measures to correct the deficiencies.

The Dodd-Frank Act requires U.S. financial regulators, including the Federal Reserve and the Securities and Exchange Commission (SEC), to adopt rules on incentive-based payment arrangements at specified regulated entities having at least $1 billion in total assets. In 2016, the federal banking regulators, the SEC, the Federal Housing Finance Agency and the National Credit Union Administration proposed revised rules on incentive-based compensation practices, which were reproposed by certain of those agencies in 2024, but have not yet been finalized. If these or other regulations are adopted in a form similar to what has been proposed, they will impose limitations on the manner in which we may structure compensation for our colleagues, which could adversely affect our ability to hire, retain and motivate key colleagues.

Table of Contents

ADDITIONAL INFORMATION

We maintain an Investor Relations website at https://ir.americanexpress.com. We make available free of charge, on or through this website, our annual, quarterly and current reports and any amendments to those reports as soon as reasonably practicable following the time they are electronically filed with or furnished to the SEC.

In addition, we routinely post financial and other information, some of which could be material to investors, on our Investor Relations website. Information regarding our corporate sustainability initiatives and related disclosures are available on our Investor Relations website and on the Corporate Sustainability section of our website at https://www.americanexpress.com/en-us/company/corporate-sustainability.

The content of any of our websites referred to in this report is not incorporated by reference into this report or any other report filed with or furnished to the SEC. We have included such website addresses only as inactive textual references and do not intend them to be active links.

Our business as a whole has not experienced significant seasonal fluctuations, although billed business tends to be moderately higher in the fourth quarter than in other quarters. As a result, the amount of Card Member loans and receivables outstanding tends to be moderately higher during that quarter. Additionally, we tend to have a higher proportion of retail-related billed business in the fourth quarter, which on average has a slightly lower merchant discount rate.

Table of Contents

ITEM 1A.    RISK FACTORS

This section highlights certain risks that could affect us and our businesses, broadly categorized in accordance with the risk types identified in our risk governance framework: “Strategic and Reputational Risks,” “Operational and Compliance Risks” and “Credit, Market and Liquidity Risks.” You should carefully consider each of the following risks and all of the other information set forth in this Annual Report on Form 10-K, including in “Risk Management” under “MD&A,” which describes our approach to identifying, monitoring and managing the risks we assume in conducting our businesses and provides certain quantitative and qualitative disclosures about market risks. Although we have devoted and continue to devote significant resources to develop and strengthen our risk management capabilities and control environment, we may not be successful in meeting regulatory expectations and managing the risks to which we are exposed.

The risks and uncertainties we face are not limited to those described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business.

Strategic and Reputational Risks

Macroeconomic conditions are a major driver of our results of operations and changes in the business and economic environment may materially adversely affect our business.

We offer a broad array of products and services to consumers, small businesses, mid-sized companies and large corporations and thus are very dependent upon the level of consumer and business activity and the demand for payment and financing products. Slow economic growth, economic contraction, persistent inflationary pressures or shifts in broader consumer and business trends can significantly impact customer behaviors, including spending on our cards, the ability and willingness of Card Members to borrow and pay amounts owed to us, demand for fee-based products and services and levels of customers’ deposits with us.

Factors such as consumer spending and confidence, household income and housing prices, levels of unemployment and underemployment, business investment and inventory levels, bankruptcies, geopolitical instability, public policy decisions and uncertainty, government spending and debt, international trade relationships, tariffs, interest rates, taxes, inflation and deflation (including the effects of related governmental responses), impacts of new technologies, energy costs and availability of capital and credit all affect the economic environment and, ultimately, our profitability. Additionally, sustained periods of high inflation may, among other things, increase certain of our expenses and erode consumer purchasing power, confidence and spending. An economic downturn or recession may result in higher unemployment and lower household income, consumer spending, corporate earnings and business investment, which may negatively impact spending on our cards and demand for our products, and increase delinquencies and write-off rates.

Spending by our premium consumer Card Members, for example, is sensitive to personal discretionary spending levels and tends to decline during general economic downturns. Likewise, spending by small business and corporate clients, which comprised approximately 41 percent of our worldwide billed business during 2025, depends in part on the economic environment and a favorable climate for continued business investment and new business formation. The consequences of negative circumstances impacting us or the economic environment generally can be sudden and severe and can impact customer types and geographies in which we operate in very different ways.

Our business is subject to the effects of geopolitical conditions, weather, natural disasters and other catastrophic events.

Geopolitical conditions, terrorist attacks, military conflicts, supply chain issues, natural disasters, severe weather, widespread health emergencies or pandemics, information or cybersecurity incidents (including intrusion into or degradation or unavailability of systems or technology by cyberattacks), operational incidents and other catastrophic events can have a material adverse effect on our business. Political and social conditions, including geopolitical instability (such as from tensions involving China and the United States), fiscal and monetary policies (including developments related to the U.S. federal deficit, debt ceiling, government shutdowns and other budgetary issues), trade wars and tariffs, labor shortages, regional or domestic hostilities, economic sanctions and the prospect or occurrence of more widespread conflicts could also negatively affect our business, operations and partners, consumer and business spending, including travel patterns and business investment, and demand for credit. Pandemics and other health emergencies can have widespread and unpredictable impacts on global society, economic conditions and consumer and business behavior. Because we derive a portion of our revenues from travel-related spending and many of our partners’ businesses relate to travel, our business is sensitive to impacts to travel and tourism, such as health and safety concerns and limitations on travel and mobility. In addition, disruptions in air travel and other forms of travel can result in the payment of claims under travel protection products we offer.

We are a multinational company that derives a substantial portion of its revenues from activities outside of the United States and many of our U.S. customers have an international presence or are otherwise affected by global developments. Accordingly, events that impact international relations and geopolitical stability may have a significant impact on our business. For example, several countries have implemented and are considering the further implementation of tariffs, trade barriers or restrictions and other retaliatory international or domestic policies, as well as other measures affecting cross-border commerce, migration and the flow of information. These actions have had and may likely continue to have broad consequences for the global economy and regional and country economies, as well as impacts to global supply chains and negative effects on our customers and partners, which may adversely affect our business.

There are multiple ongoing military conflicts around the world and geopolitical tensions may result in additional conflicts or escalate existing conflicts. Such conflicts have led to economic uncertainty and market disruptions. For example, as a result of the Russian invasion of Ukraine, we exited our business operations in Russia and Belarus. Geopolitical conditions may adversely affect macroeconomic conditions and our business in a number of ways, including potential retaliatory action against companies such as us and our clients and partners, further sanctions activity and export controls, heightened regulatory scrutiny, increased inflation, further increases or fluctuations in goods and energy prices, decreases in global travel, further disruptions to the global

Table of Contents

supply chain and increased prevalence and sophistication of cyberattacks. If international political instability and geopolitical tensions continue or increase, our business and results of operations could be harmed.

Hurricanes, wildfires and other natural disasters have impacted, and may continue to impact, spending and credit performance in the areas affected. Disasters and catastrophic events, and the impact of such events on certain industries or the overall economy, could have a negative effect on our business, results of operations and infrastructure, including our technology and systems and those of our partners and suppliers. Climate-related risks may exacerbate certain of these threats, including the frequency and severity of weather-related events. Card Members in California, Florida, New York, Texas, Georgia and New Jersey account for a significant portion of U.S. consumer and small business billed business and Card Member loans, and our results of operations could be impacted by events or conditions that disproportionately or specifically affect one or more of those states.

Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry.

The payments industry is highly competitive, and we compete with networks, issuers, acquirers and other payment service providers and methods of payment, including paper-based transactions (e.g., cash and checks) and electronic transfers (e.g., wire transfers and ACH), as well as evolving and growing alternative mechanisms, systems and products (e.g., web- and mobile-based payment platforms). If we are not able to differentiate ourselves from our competitors, develop compelling value propositions for our customers and/or effectively use emerging technologies to grow in evolving areas such as digital payments and agentic commerce, we may not be able to compete effectively.

We believe Visa and Mastercard are larger than we are in most countries based on purchase volume. As a result, card issuers and acquirers on the Visa and Mastercard networks may be able to benefit from the dominant position, scale, resources, marketing and pricing of those networks. Our business may also be negatively affected if we are unable to continue increasing merchant acceptance (including by merchants that accept cards on the Visa and Mastercard networks) and perceptions of coverage, or if our Card Members do not experience welcome acceptance of our cards.

Some of our competitors have substantially greater scale and resources than we have and may offer richer value propositions or a wider range of programs and services than we offer or may use more effective strategies to acquire and retain more customers, capture a greater share of spending and borrowings, develop more attractive cobrand card and other partner programs, obtain more favorable terms with merchants and maintain greater merchant acceptance than we have. Competition may also intensify as participants in the payments industry merge or enter into joint ventures or other partnerships or business combinations, which may create advantages in competing with our products and services. Government actions or initiatives may also provide competitors with increased opportunities to derive competitive advantages and may create new competitors, including in some cases a government entity. We may not be able to compete effectively against these threats or respond or adapt to changes in customer behavior, such as Card Member spending and borrowing or merchant acceptance, as effectively as our competitors. Costs such as Card Member rewards and Card Member services expenses could continue to increase as we evolve our value propositions, including in response to increased competition. Competitors may also use AI technologies more effectively than us or partner with companies that do so, which may increase the attractiveness and availability of their products and services and allow them to offer greater value propositions and realize greater operational efficiencies.

The payments industry is complex and continues to undergo changes in response to evolving technologies and customer preferences. Spending on our cards could continue to be impacted by increasing usage of credit and debit cards issued on other networks and real-time settlement transactions, such as bank transfers, as well as adoption of alternative payment mechanisms, systems and products, such as digital currencies. The fragmentation of Card Member spending, such as to take advantage of different merchant or card incentives, for convenience with technological solutions or as a result of point-of-sale practices that impact merchant acceptance (e.g., surcharging or differential acceptance), may continue to increase. Revolving credit balances on our cards could also be impacted by alternative financing providers, such as point-of-sale lenders and buy now, pay later products. Regulatory and legislative changes may also significantly alter the competitive landscape, including by facilitating alternative payment or financing mechanisms, such as recent legislation in the U.S. establishing a regulatory framework for stablecoins, or by imposing constraints on payment or financing mechanisms, such as proposals to cap credit card interest rates. To the extent other payment and financing mechanisms, systems and products continue to successfully expand, our discount revenues earned from Card Member spending and our net interest income earned from Card Member borrowing could be negatively impacted. In addition, companies that control access to consumer and merchant payment method choices at the point of sale or through digital wallets, agentic or other commerce-related experiences, mobile applications or other technologies could choose not to accept, suppress use of, or degrade the experience of using our products or could restrict our access to our customers and transaction data. Such companies could also require payments from us to participate in such digital wallets, experiences or applications or negotiate incentives or pricing concessions, impacting our profitability on transactions. As AI technologies are increasingly integrated into payments and related services, such as through the adoption of agentic commerce, these dynamics may accelerate and new dynamics that are difficult to predict may develop, any of which may disadvantage our business.

The competitive value of our data and demand for our products and services may also be diminished as traditional and non-traditional competitors use other, new data sources and technologies, including generative AI, to derive similar insights and by certain regulations. Open banking initiatives, including those promoted by governments and regulators, may result in a number of challenges to our business model, such as disintermediating us from our customers, steering customers away from our products and services or decreasing our attractiveness to partners. Competitors have also sought to create their own integrated payments platforms and may have competitive advantages in doing so as compared to our business.

To the extent we expand into, or further grow in, new business areas, such as new products and services that complement our card products, and new geographic regions, we will face competitors with more experience and more established relationships with relevant customers, regulators and industry participants, which could adversely affect our ability to compete. Laws and business practices that favor local competitors, require card transactions to be routed over domestic networks or prohibit or limit foreign ownership of certain businesses could limit our growth in international regions.

Table of Contents

We may face additional compliance and regulatory risks to the extent that we expand into new business areas, and we may need to dedicate more expense, time and resources to comply with regulatory requirements than our competitors, particularly those that are not regulated financial institutions.

Many of our competitors are subject to different, and in some cases, less stringent, legislative and regulatory regimes, and some may have lower cost structures and more agile business models and systems. For example, banking regulators are increasingly open to issuing limited-purpose licenses to allow companies to conduct certain banking activities under more limited regulatory requirements. More restrictive laws and regulations that do not apply to all of our competitors can put us at a disadvantage, including prohibiting us from engaging in certain transactions, regulating our business practices or adversely affecting our cost structure.

We face intense competition for partner relationships, which could result in a loss or renegotiation of these arrangements that could have a material adverse impact on our business and results of operations.

In the ordinary course of our business we enter into different types of contractual arrangements with business partners in a variety of industries. For example, we work with partners such as Delta, Marriott, British Airways and Hilton to offer cobranded cards for consumers and small businesses, and with partners in many industries, including Delta, to offer benefits and rewards to Card Members. Other aspects of our customer value propositions also increasingly rely on our ability to co-create and co-fund value with partners, such as statement credits for purchases with partners and travel and dining benefits. See “Partners and Relationships” under “Business” for additional information on our business partnerships, including with Delta.

Competition for relationships with key business partners is very intense and there can be no assurance we will be able to grow or maintain these partner relationships or that they will remain as profitable or valued by our customers. Establishing and retaining attractive cobrand card partnerships is particularly competitive among card issuers and networks as these partnerships typically appeal to high-spending loyal customers. All of our cobrand portfolios in the aggregate accounted for approximately 26 percent of our worldwide billed business for the year ended December 31, 2025. Card Member loans related to our cobrand portfolios accounted for approximately 36 percent of our worldwide Card Member loans as of December 31, 2025.

Cobrand and other partner arrangements are generally entered into for a fixed period and will terminate in accordance with their terms, including at the end of the fixed period unless extended or renewed at the option of the parties, or upon early termination as a result of an event of default or otherwise. We face the risk that we could lose partner relationships, even after we have invested significant resources in the relationships. Additionally, partners may make changes to the products and services they offer or otherwise become less desirable to our customers, which may lower the value of our products, such as cards with embedded partner value and the cobranded cards we issue to our customers. We also may not renew certain relationships, such as our Amazon and Lowe’s small business cobrand portfolios, which, as previously disclosed, have been reclassified to held for sale on our Consolidated Balance Sheets. Billed business could decline and Card Member attrition could increase, in each case, significantly as a result of the termination of one or more partnership relationships. In addition, some of our cobrand arrangements provide that, upon expiration or termination, the cobrand partner may purchase or designate a third party to purchase the loans generated with respect to such cobranded card portfolio, which could result in the loss of the card accounts and a significant decline in our Card Member loans outstanding.

We regularly seek to extend or renew cobrand and other partner arrangements in advance of the end of the contract term and face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us, as competition for such relationships continues to increase. We make payments to our cobrand partners, which can be significant, based primarily on the amount of Card Member spending and corresponding rewards earned on such spending and, under certain arrangements, on the number of accounts acquired and retained. The amount we pay to our cobrand partners has increased, particularly in the United States, and may continue to increase as arrangements are renegotiated due to increasingly intense competition for cobrand partners among card issuers and networks.

The loss of exclusivity arrangements with business partners, the loss of the partner relationship altogether (whether by non-renewal at the end of the contract period, such as the end of our relationship with Costco in the United States in 2016, or as the result of a merger, legal or regulatory action or otherwise) or the renegotiation of existing partnerships with terms that are significantly worse for us could have a material adverse impact on our business and results of operations. See “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” above for information on the uncertainty regarding our cobrand and agent relationships in the EU. In addition, any publicity associated with the loss of any of our key business partners could harm our reputation, making it more difficult to attract and retain Card Members and merchants, and could weaken our negotiating position with our remaining and prospective business partners.

Arrangements with our business partners represent a significant portion of our business. We are exposed to risks associated with our business partners, including reputational issues, business slowdowns, bankruptcies, liquidations, restructurings, consolidations and outages, and the possible obligation to make payments to our partners.

Our success is, in many ways, dependent on the success of our partners. From customer acquisition to cobranding arrangements, from providing rewards and benefits to customers to facilitating B2B supplier payments for our corporate clients, we rely on our business partners across many aspects of our company and our arrangements with business partners represent a significant portion of our business. For example, our two largest redemption partners are Amazon and Delta. Some of our partners manage certain aspects of our customer relationships, such as our OptBlue program participants. To the extent any of our partners fail to effectively promote and support our products, experience a slowdown in their business, operational disruptions, reputational issues or loss of consumer confidence, or are otherwise unable to meet our expectations or those of their other stakeholders, our business may be materially negatively impacted. We also face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us. In addition, we may be obligated to make or accelerate payments to certain business partners such as cobrand partners upon the occurrence of certain triggering events such as a

Table of Contents

shortfall in certain performance and revenue levels. If we are not able to effectively manage these triggering events, we could unexpectedly have to make payments to these partners, which could have a negative effect on our financial condition and results of operations. See Note 12 to the “Consolidated Financial Statements” for additional information on financial commitments related to agreements with certain cobrand partners.

Similarly, we are exposed to risk from bankruptcies, liquidations, insolvencies, financial distress, restructurings, structural shifts in the economy, consolidations, operational outages, cybersecurity incidents and other similar events that may occur in any industry representing a significant portion of our billed business or with respect to any of our important business partners (such as those with whom we co-create and co-fund value for customers), which could negatively impact particular card products and services (and volumes generally) and our financial condition and results of operations. We have previously and may in the future pre-purchase loyalty points from certain of our cobrand partners, the value of which may diminish to the extent such partners cease operations or such points become less desirable to our customers. We could also be materially impacted if we were obligated or elected to reimburse Card Members for products and services purchased from merchants that have ceased operations or stopped accepting our cards. For example, we are exposed to credit risk in the airline industry to the extent we protect Card Members against non-delivery of purchases, such as where we have remitted payment to an airline for a Card Member purchase of tickets that have not yet been used or “flown.” If we are unable to collect the amount from the airline, we may bear the loss for the amount credited to the Card Member. Spending at airline merchants accounted for approximately 6 percent of our worldwide billed business for the year ended December 31, 2025.

For additional information relating to operational risks of our business partners, see “ We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways or experience issues that could materially harm our business ” below.

We face continued intense competitive pressure that may materially impact the prices we charge for accepting our cards for payment, as well as the risk of losing merchant relationships, which could have a material adverse impact on our business and results of operations.

We face pressure from competitors that primarily rely on sources of revenue other than discount revenue or have lower costs that can make their pricing for card acceptance more attractive. Merchants, business partners and third-party merchant acquirers, processors and payment facilitators are also able to negotiate incentives, pricing concessions and other favorable contractual provisions from us as a condition to accepting our cards, being cobrand partners, offering benefits to our Card Members or signing merchants to accept American Express cards. As these parties become even larger (such as the largest tech companies) or as evolving technologies and customer preferences alter the payments landscape, we may have to increase the amount of incentives and/or concessions we provide to them. We also face the risk of losing relationships with these parties or that they limit acceptance of our cards, which could materially adversely affect spending on our cards and our ability to retain current Card Members and attract new Card Members and therefore, our business and results of operations.

Our merchant discount rates have been impacted by regulatory changes affecting competitor pricing in certain international countries and U.S. states, as well as litigation related to pricing, and may in the future be impacted by pricing regulation and litigation. We have also experienced erosion of our merchant discount rates as we increase merchant acceptance. We may not be successful in significantly expanding merchant acceptance or offsetting rate erosion with volumes at new merchants. In addition, the regulatory environment and differentiated payment models and technologies from non-traditional players in the alternative payments space could pose challenges to our payment model and adversely impact our merchant discount rates. Some merchants, including large tech companies and other large merchants, continue to invest in their own payment and financing solutions, such as proprietary-branded digital wallets, using both traditional and new technology platforms. If merchants are able to drive broad consumer adoption and usage, it could adversely impact our merchant discount rates and network and loan volumes.

A continuing priority of ours is to drive greater and differentiated value to our merchants that, if not successful, could negatively impact our discount revenue and financial results. We may not succeed in maintaining merchant discount rates or offsetting the impact of declining merchant discount rates, for the reasons discussed above and others, which could materially and adversely affect our revenues and profitability, and therefore our ability to invest in innovation and in value-added services for merchants, business partners and Card Members.

Surcharging, steering or other differential acceptance practices by merchants could materially adversely affect our business and results of operations.

In certain countries, such as Australia (where surcharging is currently under reconsideration), Canada (other than in the Province of Quebec) and certain Member States in the EU, and in certain states in the United States, merchants are permitted by law to engage in surcharging, steering or other differential acceptance practices for certain card purchases and certain merchants and merchant organizations continue to push for these practices in other jurisdictions. In jurisdictions where surcharging is not prohibited, we have seen an increase in merchant surcharging on American Express cards, particularly in certain merchant categories, and in some cases, either the surcharge is greater than that applied to cards issued on competing networks or cards issued on competing networks are not surcharged at all (practices that are known as differential surcharging), even though there are many cards issued on competing networks that have an equal or greater cost of acceptance for the merchant. In addition to surcharging, we also encounter merchants that accept our cards, but tell their customers that they prefer to accept another type of payment or otherwise seek to suppress use of our cards or certain of our cards, such as limiting the use of our cards for certain transactions.

Our Card Members value the ability to use their cards where and when they want to, and we, therefore, take steps to meet our Card Members’ expectations and to protect the American Express brand by prohibiting discrimination through provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, subject to local legal requirements. We generally do not prohibit surcharging in our agreements with merchants so long as it is permitted by law and a merchant does not discriminate against American Express cards by engaging in differential surcharging.

Table of Contents

American Express cards could become less desirable to consumers and businesses generally due to surcharging, steering or other forms of discrimination, which could result in a decrease in cards-in-force, coverage and transaction volumes, including as a result of related actions we may take to enforce our merchant contractual provisions such as terminating merchant contracts. The impact could vary depending on such factors as: the industry or manner in which a surcharge is levied; how Card Members are surcharged or steered to other card products or payment forms at the point of sale; the ease and speed of implementation for merchants, merchant acquirers, processors, payment facilitators or other merchant service providers, including as a result of new or emerging technologies such as AI and agentic commerce; the size and recurrence of the underlying charges; and whether and to what extent these actions are applied to other forms of payment, including whether it varies depending on the type of card (e.g., credit or debit), product, network, acquirer or issuer. We also increasingly rely on merchant acquirers, processors and payment facilitators to manage certain aspects of our merchant relationships and promote and support the acceptance and usage of our cards, but they may have business interests, strategies or goals that are inconsistent with ours. Discrimination against American Express cards could have a material adverse effect on our business, financial condition and results of operations, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business.

We may not be successful in our efforts to promote card usage or attract new customers, including through marketing and promotion, merchant acceptance and Card Member rewards and services, or to effectively control the costs of such investments, all of which may materially impact our profitability.

Revenue growth is dependent on increasing consumer and business spending on our cards, growing loan balances and increasing fee revenue. We have been investing in a number of growth initiatives, including to attract new Card Members, retain existing Card Members, grow merchant acceptance and capture a greater share of customers’ total spending and borrowings. We have also introduced complementary products, such as travel and dining platforms, checking accounts, debit cards and expense management tools. There can be no assurance that our investments will continue to be effective, particularly as consumer and business behaviors continue to change and competition in the payments industry remains intense. Increasing spending on our cards also depends on our continued expansion of merchant acceptance of our cards. If we are unable to continue growing merchant acceptance and perceptions of coverage, or if merchants decide to no longer accept American Express cards or more greatly engage in surcharging, steering or other differential acceptance practices, our business could suffer. As the payments industry continues to evolve, we may expand our product and service offerings, which could include offering new payment mechanisms or additional complementary products, or shift the focus of our investments. We may also add customer acquisition channels and form new partnerships or renew current partnerships. Any of these initiatives could have higher costs than our current arrangements, fail to resonate with customers, adversely impact our merchant discount rates and existing product and service offerings or dilute our brand.

Another way we invest in customer value is through a range of Card Member rewards and benefits, including our Membership Rewards program. We rely on third parties for certain Membership Rewards redemption options, statement credits, Card Member offers, travel- and dining-related benefits and other rewards and benefits, and we may modify or not be able to continue to offer such rewards and benefits in the future, which could diminish the value of our cards. Many credit card issuers and certain other companies have developed rewards and cobrand programs and other benefits and services that are similar to ours and may be more attractive. An inability to differentiate our products and services could materially adversely affect us.

We may not be able to cost-effectively manage and expand Card Member benefits, including containing the growth of marketing, promotion, rewards and Card Member services expenses in the future, and our ability to do so will depend in part on our ability to attract value from partners. In addition, to the extent our products or offers attract customers looking for short-term incentives and fail to incentivize long-term loyalty, costs and Card Member attrition could increase. Any significant change in, or failure by management to reasonably estimate, usage of Card Member services, redemptions of Membership Rewards points and statement credit offers and associated costs could adversely affect our profitability. If our expenses significantly increase beyond our expectations, we may be unable to offset the financial impact by decreasing investments in other areas of the business or operating expenses or increasing revenues such as fee-based revenues, or both, particularly in the current regulatory and competitive environment.

Our brand and reputation are key assets of our Company, and our business may be materially affected by how we are perceived in the marketplace.

Our brand and its attributes are key assets, and we believe our continued success depends on our ability to preserve, grow and realize the benefits of the value of our brand. Our ability to attract and retain consumer and small business Card Members and corporate clients is highly dependent upon the external perceptions of our level of service, trustworthiness, business practices, fraud prevention, privacy and data protection, management, workplace culture, merchant acceptance, financial condition, response to political and social issues or catastrophic events and other subjective qualities. Negative perceptions or publicity regarding these matters—even if related to seemingly isolated incidents and whether or not factually correct—could erode trust and confidence and damage our reputation among existing and potential Card Members, corporate clients, merchants and partners, which could make it difficult for us to attract new customers and maintain existing ones, and could subject us to heightened legal and regulatory scrutiny. Negative public opinion could result from actual or alleged conduct in any number of activities or circumstances, including card practices, regulatory compliance, the use and protection of customer information, conduct by our colleagues and policy engagement and charitable giving, including activities of the American Express Company Political Action Committee and the American Express Foundation, and from actions taken by regulators or others in response thereto. Moreover, the speed with which information spreads through social media and other news sources, the increased prevalence of campaigns by activists and others targeting corporate practices (including those advancing certain political or social agendas), and the ease with which customers can switch to competing products may amplify the onset and negative effects from such perceptions.

Our brand and reputation may also be harmed by actions taken by third parties that are outside our control. For example, any shortcoming of, or controversy related to, a third-party service provider, business partner, merchant acquirer or network partner may be attributed by Card Members and merchants to us, thus damaging our reputation and brand value. Our brand may also be

Table of Contents

negatively impacted by perceptions about our Card Member base, ability or inability of certain individuals or companies to become customers and their usage of our cards and other products and services, and acceptance of American Express cards by merchants in certain industries, when American Express cards are used for payment for legal, but controversial, products and services, or any government inquiries or legislative scrutiny related to customer acquisition practices or card acceptance or usage. The lack of acceptance, suppression of card usage or surcharging by merchants can also negatively impact perceptions of our brand and our products, lower overall transaction volume and increase the attractiveness of other payment products or systems. Adverse developments with respect to our industry may also negatively impact our reputation, or result in greater regulatory or legislative scrutiny or litigation against us. Furthermore, as a corporation with headquarters and operations located in the United States and a brand name referring to the United States, a negative perception of the United States arising from its political or other positions could harm the perception of our company and our brand. These risks to our brand and reputation, as well as other risks described herein, are heightened by the increasing sophistication and availability of AI technology, including by assisting with the creation of deepfakes, increasing the velocity of distribution of disinformation and potentially altering the payments landscape in ways that disintermediate or create a negative perception of us. Although we monitor developments for areas of potential risk to our reputation and brand, negative perceptions or publicity could materially and adversely affect our business volumes, revenues, liquidity and profitability.

We face increased scrutiny from stakeholders who have diverging views related to business practices and company activities, which could result in reputational harm, litigation, enforcement actions and other adverse consequences. In addition, we are subject to increasing regulatory requirements and legal risks related to corporate sustainability topics, such as those arising from new disclosure requirements in certain jurisdictions. Inaccurate perceptions or mischaracterizations of disclosures on these topics, or our goals and initiatives, while outside of our control, could impact our reputation, colleague hiring and retention, and demand for our products and services.

If we are not able to successfully invest in, and compete with respect to, technological developments and new products and services across all our businesses, our revenue and profitability could be materially adversely affected.

Our industry is subject to rapid and significant technological changes. In order to compete in our industry, we need to continue to invest in technology across all areas of our business, including in transaction processing, data management and analytics, AI & ML (including agentic commerce), customer interactions and communications, open banking and alternative payment and financing mechanisms (including related to digital currencies and blockchain technologies), authentication technologies and digital identification, tokenization, real-time settlement and risk management and compliance systems. Incorporating new technologies into our products and services, including developing the appropriate governance and controls consistent with regulatory expectations, requires substantial expenditures and takes considerable time, and may have unintended consequences or ultimately be unsuccessful. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to, or render obsolete, our existing technology.

The process of developing new products and services, enhancing existing products and services and adapting to technological changes and evolving industry standards is complex, costly and uncertain, and any failure by us to accurately anticipate and respond to customers’ changing needs and emerging technological trends could significantly impede our ability to compete effectively. Our competitors may develop, or partner with companies that develop, products, platforms or technologies that become more widely adopted by consumers, merchants or service providers than ours, including as a result of increased involvement by technology companies in the payments industry and our competitors’ greater scale or ability to pursue and adopt new technologies. In addition, we may underestimate the resources needed and overestimate our ability to develop new products and services and customer demand for such products and services, particularly beyond our traditional card products and travel-related services.

The use of AI & ML technologies, including generative AI and agentic commerce, has increased rapidly and may be transformative to the payments industry, heightening the risks described herein and others in ways that may be unpredictable and disadvantageous to us. Our and our partners’ use of AI & ML is subject to various and evolving risks, including flaws in models or datasets that may result in biased or inaccurate results, especially as generative AI has been known to produce false or “hallucinatory” inferences or outputs. The use of AI may also result in unintended or unexpected outcomes, present significant ethical challenges and heighten risks related to information security, the infringement of intellectual property rights and exposure of proprietary or personal information. We may also face challenges in our ability to safely deploy AI systems and implement appropriate governance and controls, which may not be as burdensome to our competitors, and which may impair our implementation or impose additional risks. The complexity of these technologies can make it difficult to assess proper operation, reduce error, or understand and explain their outputs. Adverse consequences of AI & ML remain uncertain but could include flaws in the decisions, predictions, outputs or analysis such technologies produce, subjecting us to competitive harm, legal liability, heightened regulatory scrutiny, greater prevalence of surcharging or other negative point-of-sale practices and brand or reputational harm, as well as decreased demand for our products and services or increased costs.

Our ability to adopt new technologies may be inhibited by the emergence of industry-wide standards, a changing legislative and regulatory environment, an inability to develop appropriate governance and controls, a lack of internal product and engineering expertise, resistance to change from Card Members, merchants or service providers, lack of appropriate change management processes or the complexity of our systems. In addition, our adoption of new technologies and our introduction of new products and services may increase operational complexity and risk, and expose us to new or enhanced risks, particularly in areas where we have less experience or our existing governance and control systems may be insufficient, which could require us to make substantial expenditures or subject us to legal liability, heightened regulatory scrutiny and brand or reputational harm.

We may not be successful in realizing the benefits associated with our acquisitions, strategic alliances, joint ventures and investment activity, and our business and reputation could be materially adversely affected.

We have acquired a number of businesses and have made a number of strategic investments, and continue to evaluate potential transactions. There is no assurance that we will be able to successfully identify suitable candidates, value potential investment or acquisition opportunities accurately, detect potential risks and liabilities related to those opportunities, negotiate acceptable terms

Table of Contents

for those opportunities, or complete proposed acquisitions and investments. The process of integrating an acquired company, business or technology could create unforeseen operating difficulties and expenditures, including in integrating systems, customers and personnel or further developing the acquired business or technology, result in unanticipated liabilities, including legal claims, violations of laws, commercial disputes and information security vulnerabilities or breaches (including from not integrating the acquired company, business or technology quickly or appropriately, from activities that occurred prior to the acquisition, from inadequate systems or controls of the acquired company, and from exposure to third party relationships of the acquired company or business or new laws and regulations), and may divert company time and resources or harm our business generally. For example, legal claims have arisen relating to the structure and consideration paid in certain of our acquisitions. Expanding to new businesses, geographies or customer types through acquisitions may subject us to new risks and we may not have the relevant expertise or business structure to achieve desired results. It may take us longer than expected to fully realize the anticipated benefits of these transactions, and those benefits may ultimately be smaller than anticipated, not realized at all or fully offset by other costs, which could materially adversely affect our business and operating results, including as a result of write-downs of goodwill and other intangible assets.

Joint ventures, such as those through which we operate in certain foreign jurisdictions, and minority investments in companies, such as GBTG, inherently involve a lesser degree of control over business operations, thereby potentially increasing the financial, legal, operational and/or compliance risks associated with the joint venture or minority investment, including as a result of being subject to different laws or regulations. Joint ventures and other partnerships or minority investments operating in foreign jurisdictions may also face risks from adverse regulatory actions, which could adversely affect their operations or our investment. In addition, we may be dependent on joint venture partners, controlling shareholders or management who may have business interests, strategies or goals that are inconsistent with ours and we have been and may in the future be involved in litigation with our joint venture partners and other shareholders and parties related to the joint ventures and investments. We have commercial arrangements with GBTG, including, among other things, a long-term trademark license agreement pursuant to which GBTG uses select American Express marks. GBTG also supports certain of our strategic partnerships and our Commercial Services business. Business decisions or other actions or omissions of a joint venture partner, other shareholders or management of our joint ventures and companies in which we have minority investments may adversely affect the value of our investment or any commercial benefit to us from the relationship, result in litigation or regulatory action against us and otherwise damage our reputation and brand. In addition, trade secrets and other proprietary information we may provide to a joint venture may become available to third parties beyond our control. The ability to enforce intellectual property and contractual rights to prevent disclosure of our trade secrets and other proprietary information may be limited in certain jurisdictions.

Additionally, from time to time we may decide to divest certain businesses or assets. These divestitures may involve significant uncertainty and execution complexity, which may cause us not to achieve our strategic objectives, realize expected cost savings or obtain other benefits from the divestiture and may result in unexpected losses of colleagues or harm to our brand, customers or other partners. Further, during the pendency of a divestiture, we may be subject to risks such as that the transaction may not close or the business to be divested may decline, and if a divestiture is not completed, we may not be able to find another acquiror on similar terms.

Operational and Compliance Risks

We may not be able to effectively manage the operational and compliance risks to which we are exposed.

We consider operational risk as the risk to our current or projected financial condition and resilience arising from inadequate or failed processes, human error or adverse external events. Operational risk includes, among others, the risk that error or misconduct could result in a material financial misstatement, a failure to monitor a third party’s compliance with regulatory or legal requirements, a failure to adequately monitor and control access to, or use of, data in our systems we grant to third parties or a failure to satisfy our obligations to our customers with respect to our products and services. For example, as previously disclosed, we have identified issues related to our rewards and benefits programs and have taken actions to remediate the issues and enhance our related procedures and controls. As processes or organizations are changed or become more complex, we grow in size or acquire businesses, new products and services are introduced, such as new lending features, banking products, dining capabilities and digital collectibles, or we become subject to more stringent or complicated regulatory requirements, we may not identify or address new operational risks. Through human error, fraud or malfeasance, conduct risk can result in harm to customers, legal liability, fines, sanctions, customer remediation and brand damage. Although we maintain systems and controls to help mitigate conduct risk, they may not be effective, and misconduct by one or more colleagues or partners, particularly those with access to key systems or information, could have wide-reaching consequences.

Compliance risk arises from violations of, or failure to conform or comply with, laws and/or regulations, internal policies and procedures and related practices, or ethical standards. We need to continually update and enhance our control environment to address operational and compliance risks, and our control environment and related systems have in certain instances not sufficiently detected, and may in the future not sufficiently detect, errors or omissions. Operational and compliance failures, deficiencies in our control environment or an inability to maintain high standards of business conduct can expose us to reputational and legal risks as well as fines, civil money penalties or payment of damages and can lead to diminished business opportunities and diminished ability to expand key operations.

A major information or cybersecurity incident could lead to reputational damage to our brand and material legal, regulatory and financial exposure, and could reduce the use and acceptance of our products and services.

We and third parties collect, process, transfer, host, store, analyze, retain, provide access to and dispose of account information, payment transaction information, sensitive business information and certain types of personally identifiable and other information pertaining to our customers, partners and colleagues in connection with our cards and other products and in the normal course of our business.

Table of Contents

Global financial institutions like us, as well as our customers, colleagues, regulators, service providers and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of increasingly sophisticated cyberattacks, including computer viruses, malicious or destructive code, ransomware, social engineering attacks (including phishing, impersonation and identity takeover attempts), AI-assisted deepfake attacks and disinformation campaigns, corporate espionage, hacking, website defacement, denial-of-service attacks, exploitation of vulnerabilities and other attacks and similar disruptions from the misconfiguration or unauthorized use of or access to computer systems and company accounts. These threats have arisen from external parties, including state-sponsored and nation state actors, as well as insiders who knowingly or unknowingly engage in or enable malicious cyber activities. There are a number of motivations for cyber threat actors, including criminal activities such as fraud, identity theft and ransom, corporate or nation-state espionage, political agendas, public embarrassment with the intent to cause financial or reputational harm, intent to disrupt information technology systems and supply chains, and to expose and exploit potential security and privacy vulnerabilities in corporate systems and websites. Cyber threat actors have rapidly evolved their techniques and increasingly utilize advanced capabilities, including the exploitation of unknown security flaws in software and hardware and the integration of advanced forms of AI and other new technology, which can increase the efficacy, severity, frequency and ease of execution of cyberattacks. In addition, new computing technologies, such as quantum computing, may enable threat actors to compromise data encryption and other protective measures.

Our and our partners’ networks and systems are subject to constant attempts to disrupt business operations and capture, destroy, manipulate or expose various types of information relating to corporate trade secrets, customer information (including Card Member, travel, dining and loyalty program data), colleague information and other sensitive business information (including acquisition activity, non-public financial results and intellectual property). For example, we and other U.S. financial services providers have been the target of attacks, such as denial-of-service attacks, social engineering and the impersonation of current or prospective employees and contractors, in some cases conducted by nation state-affiliated actors. We develop and maintain systems and processes aimed at detecting and preventing information security and cybersecurity incidents and fraudulent activity, including our cyber crisis response procedures, which require significant investment, maintenance and ongoing monitoring and updating as technologies and regulatory requirements change, new vulnerabilities and exploits are discovered and as efforts to overcome security measures become more sophisticated. In addition, our own usage of generative AI and other emerging technologies may increase our vulnerabilities or limit our ability to detect intrusion.

Despite our efforts and the efforts of third parties that process, transmit or store our data and data of our customers and colleagues or support our operations, such as service providers, merchants and regulators, the possibility of information, operational and cybersecurity incidents, malicious social engineering, password mismanagement, corporate espionage, fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technologies are deployed by threat actors, including the potential use of advanced forms of AI and quantum computing, and we increasingly use platforms that are outside of our network and control environments. For example, we are aware that certain of our third-party service providers and joint ventures have been the victims of ransomware and other cyberattacks, in some instances that affected our data or services provided to us. Furthermore, recently introduced products and services, such as checking accounts and non-card lending, may lead to an increase in the number or types of cyberattacks and our exposure to fraud and other malfeasance. Risks associated with such incidents and activities include theft of funds and other monetary loss, disruption of our operations and the unauthorized disclosure, release, gathering, monitoring, misuse, modification, loss or destruction of confidential, proprietary, trade secret or other information (including account data information). An incident may not be detected until well after it occurs and the severity and potential impact may not be fully known for a substantial period of time after it has been discovered. We are subject to varied cybersecurity regulations and incident reporting requirements, which could require us to disclose incidents that may not have been resolved or fully investigated at the time of disclosure, leading to customer confusion, regulatory scrutiny and negative publicity and exacerbating risks related to the incident itself. Our ability to address incidents may also depend on the timing and nature of assistance that may be provided by relevant governmental or law enforcement agencies.

Information, operational or cybersecurity incidents and other actual or perceived failures to maintain confidentiality, integrity, availability of services and data, privacy and/or security has led to regulatory investigations and increased regulatory scrutiny and may lead to regulatory intervention (such as mandatory card reissuance), consent decrees, increased litigation (including class action litigation), response costs (including notification and remediation costs), fines, negative assessments of us and our subsidiaries by banking regulators and rating agencies, reputational and financial damage to our brand, negative impacts to our partner relationships, and reduced usage of our products and services, all of which could have a material adverse impact on our business. The disclosure of sensitive company information could also undermine our competitive advantage and divert management attention and resources.

Successful cyberattacks, data breaches, disruptions or other incidents related to the actual or perceived failures to maintain confidentiality, integrity, availability of services and data, privacy and/or security at other large financial institutions, large retailers, travel and hospitality companies, government agencies or other market participants, whether or not we are impacted, could lead to a general loss of customer confidence that could negatively affect us, including harming the market perception of the effectiveness of our security measures or harming the reputation of the financial system in general, which could result in reduced use of our products and services. Such events could also result in legislation and additional regulatory requirements. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate.

The uninterrupted operation of our information systems is critical to our success and a significant disruption could have a material adverse effect on our business and results of operations.

We rely extensively on our information technology systems and those of our third parties, including our transaction authorization, clearing and settlement systems, data centers and cloud data storage and processing services, which have experienced and may continue to experience service disruptions or degradation that may result from technology malfunction, sudden increases in

Table of Contents

processing or other volumes, natural disasters and weather events, fires, accidents, technology change management issues, power outages, internet outages, telecommunications failures, fraud, denial-of-service, ransomware and other cyberattacks, inadequate infrastructure in lesser-developed markets, technology capacity management issues, terrorism, computer viruses, vulnerabilities or failures in hardware or software, physical or electronic break-ins, or other operational issues or similar events. Due to the interconnectivity and complexity of information systems and their reliance on common systems, software and vendors (e.g., large technology and cloud-service providers), disruptions or degradations have had, and will likely continue to have, wide-reaching consequences, including the potential to disrupt the overall financial system and other key systems in the global economy. Service disruptions or degradations impacting us or our partners can prevent access to online services and account information, compromise or limit access to company or customer data, impede or prevent transaction processing, communications to customers and financial reporting, disrupt ordinary business operations, result in contractual penalties or obligations, trigger regulatory reporting obligations, and lead to regulatory investigations and fines, increased regulatory oversight, and litigation (including class action litigation). Any such service disruption or degradation could adversely affect the perception of the reliability of our products and services and materially adversely affect our overall business, reputation and results of operations.

Fraudulent activity associated with our products and services could have a material adverse effect on our business and results of operations.

We face risks from fraudulent activity associated with Card Members, merchants and others, including through bad actors obtaining access to our customer accounts and information and frauds committed by our customers against us. Large financial services firms such as American Express and our customers are regularly targeted by a range of fraudulent activity, including fraud on our card and banking products, false disputes, account takeovers, identity theft and electronic-transaction related crimes, with sophisticated perpetrators increasingly utilizing a range of advanced techniques and multiple parties acting in concert. New or emerging technologies, such as generative AI capabilities, have increased these fraud risks. For example, we have seen our customers targeted by elaborate and voluminous social engineering attacks, which may utilize advanced methods of deception, such as synthetic voice and conversation generation. Information and cybersecurity breaches and other operational incidents that we or third parties experience also increase our fraud risk. Additionally, our introduction of new products and services, expansion into new jurisdictions or usage of new partners or vendors may create new fraud risks or heighten existing risks. While we have policies and procedures designed to address fraud risks, such as customer authentication controls and fraud detection systems, they may be insufficient to accurately predict, prevent or detect fraud.

Increased fraudulent activity associated with our products and services could materially adversely affect our financial condition and results of operations, including as a result of credit losses and other expenses. Furthermore, fraudulent activity could harm our brand and reputation, negatively impact the use or acceptance of our products and services and lead to regulatory intervention or other actions (such as mandatory card reissuance).

Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition.

We face heightened and evolving regulatory expectations and scrutiny in the U.S. and globally, which significantly affects our business and requires continual enhancement of our compliance efforts. Supervision efforts and the enforcement of existing laws and regulations impact the scope and profitability of our existing business activities, limit our ability to pursue certain business opportunities and adopt new technologies, compromise our competitive position (particularly where we may be treated differently from our competitors), and affect our relationships with Card Members, partners, merchants, service providers and other third parties. New laws or regulations could similarly affect our business, increase the costs and complexity of doing business, impact what we are able to charge for, or offer in connection with, our products and services, impose conflicting obligations, and require us to change certain of our business practices and invest significant management attention and resources, all of which could adversely affect our results of operations and financial condition. Political developments, including those relating to recent shifts in trade policy and heightened geopolitical tensions, have resulted in and may further result in an increase in the number, complexity and scope of laws and regulations, heightened legislative and regulatory uncertainty, changes to supervisory and enforcement priorities, and increased risk of fragmentation in global financial regulation. In addition, legislators and regulators around the world are aware of each other’s approaches to the regulation of the financial services industry, so a development in one jurisdiction may influence regulatory approaches in another.

If we fail to satisfy regulatory requirements and expectations or maintain our financial holding company status or other applicable licenses and charters, our financial condition and results of operations could be adversely affected, and we may be restricted in our ability to take certain capital actions (such as declaring dividends or repurchasing outstanding shares) or engage in certain business activities or acquisitions, which could compromise our competitive position. Additionally, our banking regulators have wide discretion in the examination and the enforcement of applicable banking statutes and regulations and may restrict our ability to engage in certain business activities or acquisitions or require us to maintain more capital. We are currently a Category III firm for purposes of the U.S. federal bank regulatory agencies’ tailoring framework, which subjects us to heightened regulatory expectations and more stringent regulatory requirements. As we continue to grow, these expectations and requirements may further increase, such as if we become a Category II firm, which may increase our compliance costs and adversely affect our business.

Legislators and regulators continue to focus on the operation of card networks, including interchange fees paid to card issuers in payment networks such as Visa and Mastercard, network routing practices and the fees merchants are charged to accept cards. While in some cases our business is subject to exemptions related to certain of these regulations, there is no guarantee that such exemptions will continue to be available and even where we are not directly regulated, regulation of bankcard fees significantly negatively impacts the discount revenue derived from our business, including as a result of downward pressure on our discount rate from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend, or may extend, to certain aspects of our business, such as network and cobrand arrangements, new products or services we may offer, or the terms of card acceptance for merchants, including terms relating to non-discrimination and honor-all-cards. For example, we have exited our network licensing businesses in the EU and Australia as a result of regulation in those jurisdictions. In addition,

Table of Contents

there is uncertainty as to when or how interchange fee caps and other provisions of payments legislation might apply when we work with cobrand partners and agents in the EU. See “Supervision and Regulation — Payments Regulation” under “Business” for more information. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. In addition, a number of federal and state laws to regulate various aspects of network operations are being considered or have passed, including regarding information associated with electronic transactions (such as the use of specific merchant categories codes or limitations on the use of transaction data) and pricing of electronic transactions (such as interchange fees on sales tax or gratuities).

Legislators and regulators also continue to focus on consumer protection, including product design and pricing constructs, account management and security, creditworthiness assessments, credit bureau reporting, disclosure rules, marketing, forbearance measures and debt collection practices. This focus has included fees, interest rates and rewards associated with card and banking products, such as recent proposals to cap credit card interest rates. In addition, government agencies are reviewing financial institutions’ policies and practices for providing, maintaining or discontinuing financial products or services to certain clients or potential clients. Any new requirements or increased enforcement of existing requirements could materially and adversely impact our revenue growth and profitability, including, as a result of increased scrutiny of our pricing, underwriting and account management practices; the imposition of fines and customer remediation; higher compliance costs; reputational harm; impacts to our ability to issue cards or extend credit to current and prospective Card Members, appropriately price for the value of our products or work with certain business partners; and changes to our business practices generally.

We are subject to significant supervision and regulation with respect to compliance with AML/CFT laws, sanctions regimes and anti-corruption laws in numerous jurisdictions. As regulators increase their focus with respect to these financial crimes laws, new technologies such as digital currencies develop, near real-time money movement solutions are adopted, we introduce new products and geopolitical tensions increase, we face increased costs related to oversight, supervision and potential fines. We have been engaging with our federal regulators in relation to certain aspects of our financial crimes compliance program and we are working to enhance our existing programs, policies and procedures and identify and remediate deficiencies to strengthen our program and address regulatory feedback. From time to time, we identify transactions or accounts relating to certain sanctioned parties that we terminate, block and report to our regulators, as applicable. Errors, failures or delays in complying with financial crimes laws, deficiencies in our related compliance programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activities or sanctioned persons, entities, governments or countries could give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions, and our reputation may suffer due to our customers’ association with certain countries, persons or entities or the existence of any such transactions. Additionally, our financial crimes compliance programs may limit our ability to pursue certain business opportunities or affect our relationships with certain partners, service providers and other third parties.

See “Supervision and Regulation” under “Business” for more information about certain laws and regulations to which we are subject and their impact on us.

Litigation and regulatory actions could subject us to significant fines, penalties, judgments and/or requirements resulting in significantly increased expenses, damage to our reputation and/or a material adverse effect on our business and results of operations.

At any given time, we are involved in a number of legal proceedings, including class action lawsuits, mass arbitrations and similar actions. Many of these actions include claims for substantial compensatory or punitive damages and require us to incur significant costs for legal representation, arbitration fees or other legal or related services. While we have historically relied on our arbitration clause in agreements with customers to limit our exposure to class action litigation, there can be no assurance that we will be able to continue to maintain our arbitration provisions in the future or be successful in enforcing them, including as a result of legal challenges to, and new regulations affecting, our arbitration provisions, and claims of the type we previously arbitrated could be subject to the complexities, risks and costs associated with class action cases. The continued focus of merchants and other parties on issues relating to the acceptance of various forms of payment may lead to additional litigation and other legal actions. Given the inherent uncertainties involved in litigation, and the very large or indeterminate damages and broad injunctive relief sought in some matters asserted against us, there is significant uncertainty as to the ultimate liability we may incur, and changes to our business practices we may be required to make, due to litigation.

We expect that financial institutions, such as American Express, will continue to face significant regulatory scrutiny, with regulators taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, among other limitations, that could adversely affect our business. In addition, a violation of law or regulation by another financial institution could give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Further, a single event may give rise to numerous and overlapping investigations and proceedings. External publicity concerning investigations can increase the scope and scale of investigations and lead to further regulatory inquiries.

We are also involved at any given time with governmental and regulatory inquiries, investigations and proceedings. Regulatory scrutiny has continued to increase in a number of areas, and regulatory action could subject us to significant fines, penalties or other requirements resulting in Card Member reimbursements, increased expenses, limitations or conditions on our business activities, and damage to our reputation and our brand, all of which could materially adversely affect our business and results of operations. For example, as previously disclosed, in 2025 we entered into agreements to resolve governmental investigations related to historical sales practices for certain U.S. small business customers.

Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand.

Table of Contents

We are, and have been in the past, a defendant in a number of actions, including legal proceedings, arbitrations and proposed class actions, challenging certain provisions of our card acceptance agreements. See Note 12 to the “Consolidated Financial Statements” for a description of certain outstanding legal proceedings.

An adverse outcome in these proceedings could have a material adverse effect on our business and results of operations, require us to change our merchant agreements in a way that could expose our cards to increased merchant surcharging, steering and other forms of discrimination that could impair the Card Member experience, result in additional litigation and/or arbitrations, impose substantial monetary damages and damage our reputation and brand. Even if we were not required to change our merchant agreements, changes in Visa’s and Mastercard’s policies or practices as a result of legal proceedings, lawsuit settlements or regulatory actions pending against them could result in changes to our business practices and materially and adversely impact our profitability. For example, in November 2025 Visa and Mastercard proposed a lawsuit settlement agreement that would, among other things, require reductions and caps on interchange fees, provide merchants greater options to impose a surcharge on credit transactions, and allow merchants to choose not to accept certain categories of credit cards. If the settlement agreement is approved by the court, or Visa and Mastercard otherwise agree to make similar changes, it may result in greater surcharging generally, decreased acceptance by merchants of certain types of cards, such as premium cards, or downward pressure on our merchant discount rates from decreases in competitor pricing in connection with reductions and caps on interchange fees.

We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways or experience issues that could materially harm our business.

We rely on third-party service providers, cobrand partners, merchants, dining partners, affiliate marketing firms, merchant acquirers, processors, payment facilitators, network partners and other third parties for services that are integral to our operations and are subject to the risk that activities of such third parties may adversely affect our business. As outsourcing, specialization of functions, third-party digital services and technology innovation within the payments industry and related service functions increase (including with respect to mobile technologies, tokenization, big data, AI and cloud-based solutions), more third parties are involved in processing payment transactions, handling our data and supporting our operations and we may require significantly greater scale from these third parties. For example, we rely on third parties for the timely transmission of accurate information across our global network, card acquisition and provision of services to our customers.

We have experienced in certain limited circumstances and may continue to experience disruptions, operational issues or other events with respect to our third parties or our third parties’ service providers, including their failure to fulfill their obligations, contractual breaches and the information, cybersecurity and operational incidents described above, and we also have identified weaknesses in certain third parties’ processes and controls. Such disruptions, operational issues, control and process weaknesses or other events could interrupt or compromise the quality of our services to customers, impact the confidentiality, integrity, availability and security of our data, lead to fraudulent transactions on our cards or other products, impact our business, cause brand or reputational damage, and lead to costs associated with responding to a disruption, including notification and remediation costs, costs to switch service providers or move operations in house, regulatory investigations and fines and increased regulatory oversight and litigation. Third parties may face similar or greater risks than we do, including as a result of their relationship with us; however, they may be less prepared to mitigate those risks and may be targeted by bad actors as a result, which can result in greater disruptions and other risk events. Third parties may also act in other ways that are inconsistent with our interests or contrary to our strategic or technological initiatives, such as ceasing to provide data to us or using our data in a way that was not authorized or diminishes the value of the transaction data we receive through our integrated payments platform.

The management and oversight of an increasing number of third parties increases our operational complexity and governance challenges and decreases our control. A failure to exercise adequate oversight over third parties, including compliance with service level agreements or regulatory or legal requirements, could result in regulatory actions, fines, litigation, sanctions or economic and reputational harm to us. In addition, we may not be able to effectively monitor or mitigate operational risks relating to our third-party providers’ service providers. We are also exposed to the risk that a service disruption at a service provider common to our third parties could impede their ability to provide services to us. Notwithstanding any attempts to diversify our reliance on third parties, in certain cases there may be limited alternatives or high costs for diversification, and we also may not be able to effectively mitigate operational risks relating to the service providers of our third-party providers.

Our use of models, including the data that underlie them, to manage risk and make business decisions may not be effective.

We use models and automation throughout our business, including to inform and support decision making, manage risks, estimate financial values and forecast liquidity and funding needs. Although we have a governance framework for model development and independent model validation, the modeling methodology or key assumptions could be erroneous or the models could be misused. In addition, issues with completeness, accuracy and timeliness of data inputs, the quality or effectiveness of our data aggregation and validation procedures, and the quality and integrity of formulas and algorithms, could result in ineffective or inaccurate model outputs and reports. Models based on historical data sets might not be accurate predictors of future outcomes, such as when we lack recent precedent or recent precedent deviates from current circumstances because of changes in customer behavior, the credit or demographic profiles of our Card Members, the geopolitical or macroeconomic environment or otherwise. We periodically review our models, and updates that we make may result in significantly different outputs. Additionally, we increasingly use models that leverage AI, which are subject to additional risks such as biased or inaccurate results or lowered interpretability. The complexity of these models and our limited transparency into the AI may make it difficult to understand certain outputs or identify errors. Certain models, such as models used to estimate reserves for credit losses under Current Expected Credit Loss (CECL) and Membership Rewards liability, require us to make difficult, subjective and complex judgments, and utilize forward-looking information and information provided by third parties over which we have limited oversight or control. If our business decisions, risk management practices or financial estimates and forecasts are based on incorrect or misused models and assumptions or we fail to manage data inputs effectively and to aggregate or analyze data in an accurate and timely manner, our results of operations and financial condition may be materially adversely affected.

Table of Contents

Our success is dependent on maintaining a culture that adheres to our values and upon our executive officers and other key personnel, and misconduct by or loss of personnel could materially adversely affect our business.

We rely upon our colleagues not only for business success, but also to adhere to our Blue Box Values, which include acting with integrity, promoting a culture of respect and operating with a mindset of controls and risk management. To the extent our colleagues behave in a manner that does not comport with our company’s values, including acting in ways that harm customers, colleagues or others, the consequences to our brand, reputation and compliance and risk management efforts could be severe and could negatively affect our financial condition and results of operations.

The market for qualified, highly motivated individuals with a range of perspectives is highly competitive and we may not be able to attract and retain such individuals. Advances in technology such as AI may increase competition for individuals with expertise in key skills and require our colleagues to adapt to new skills and methods of working. The unexpected loss of key personnel or our inability to effectively execute succession planning for such personnel could disrupt our business and have an adverse impact on our future performance. Changes in immigration and work permit laws and regulations or the administration or enforcement of such laws or regulations or other changes in the legal or regulatory environment can also impair our ability to attract and retain qualified personnel, or to employ colleagues in the location(s) of our choice. Our compensation practices are subject to regulatory review and oversight, which could further affect our ability to attract and retain our executive officers and other key personnel. Our inability to attract, develop and retain highly skilled and motivated personnel with a range of perspectives could materially adversely affect our business and our culture.

Regulation in the areas of privacy, data protection, data management, resiliency, data transfer, third party oversight, account access, AI & ML and information security and cybersecurity could increase our costs and affect or limit our business opportunities and how we collect, use and/or retain personal information.

Legislators and regulators in the United States and other countries in which we operate are increasingly adopting or revising privacy, data protection, data management, resiliency, data transfer, third party oversight, account access, AI & ML and information security and cybersecurity laws, including data localization, authentication and notification laws. As such laws are interpreted and applied (in some cases with significant differences or conflicting requirements across jurisdictions), compliance and technology costs will continue to increase. Additionally, automated decision making and AI & ML technologies, including the adoption of agentic commerce, present novel and complex legal risks, often with limited established guidance and significant uncertainty. New laws and regulations related to these technologies, as well as the application of existing laws and regulations, may restrict or impose burdensome and costly requirements on our ability to use them or impact other aspects of our business, particularly as the legal landscape related to these technologies remains fragmented with potentially inconsistent requirements.

Compliance with current or future laws in the aforementioned areas could significantly impact our business operations, including our collection, use, sharing, retention and safeguarding of consumer, partner and/or colleague information and could restrict our ability to fully maximize our integrated payments platform or provide certain products and services or work with certain service providers, which could materially and adversely affect our profitability. Our failure to comply with such laws, including as a result of process breakdowns, human error or technical issues, or to maintain sufficient governance and control structures could result in potentially significant regulatory and/or governmental investigations and/or actions, litigation, fines, sanctions, ongoing regulatory monitoring, customer attrition, decreases in the use or acceptance of our cards and damage to our reputation and our brand. In recent years, there has been increasing regulatory enforcement and litigation activity in the areas of privacy, data protection, data management, AI & ML and information security and cybersecurity in the United States, the EU and various other countries in which we operate and our data protection and governance programs have become the subject of heightened scrutiny.

For more information on regulatory and legislative activity in this area, see “Supervision and Regulation — Privacy, Data Protection, Data Management, AI, Resiliency, Information Security and Cybersecurity” under “Business.”

If we are not able to protect our intellectual property rights, or successfully defend against any infringement or misappropriation assertions brought against us, our revenue and profitability could be negatively affected.

We rely on a variety of measures to protect our intellectual property rights and control access to, and distribution of, our trade secrets and other proprietary information. These measures may not prevent infringement of our intellectual property rights or misappropriation of our proprietary information and a resulting loss of competitive advantage. Our ability to detect infringements of our intellectual property, enforce intellectual property rights and prevent disclosure of our trade secrets and other proprietary information may be limited and such efforts may be costly. In addition, competitors or other third parties may allege that our products, systems, processes or technologies infringe on their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, and the potential risks and uncertainties of intellectual property-related litigation, a future assertion of an infringement or misappropriation claim against us could cause us to lose significant revenues, incur significant defense, license, royalty or technology development expenses, and/or pay significant monetary damages. Furthermore, given intellectual property ownership and license rights surrounding AI, such as generative AI, are currently not fully addressed by courts or regulators, we may not be able to protect our intellectual property rights against infringing use and our use or adoption of AI may result in exposure to claims by third parties.

Tax legislative initiatives or assessments could adversely affect our results of operations and financial condition.

We are subject to income and other taxes in the United States and in various foreign jurisdictions. The laws and regulations related to tax matters are extremely complex, require significant judgment and are subject to varying interpretations. Although management believes our positions are reasonable, they are subject to challenge by the Internal Revenue Service in the United States and by tax authorities in other jurisdictions in which we conduct business operations, which could have an adverse impact on our tax liabilities. Refer to Note 19 to the “Consolidated Financial Statements” for information on the U.S. federal income tax audit of transfer pricing arrangements between our U.S. and foreign subsidiaries.

We are being challenged in a number of countries regarding our application of value-added taxes (VAT) to certain transactions. While we believe we comply with all applicable VAT and other tax laws, rules and regulations in the relevant jurisdictions, the tax

Table of Contents

authorities may determine that we owe additional taxes or apply existing laws and regulations more broadly, which could result in a significant increase in liabilities for taxes and interest in excess of accrued liabilities.

Legislative action or inaction in the jurisdictions in which we have operations could increase our effective tax rate. For example, guidelines issued by the Organization for Economic Cooperation and Development introduced a global minimum tax of 15 percent on the global profits of multinational enterprises, such as us. The global minimum tax increased our tax liability in 2025 as it came into effect in various jurisdictions where we operate and we expect the global minimum tax will continue to increase our tax liability in 2026 if it continues to be in effect in its current form.

Jurisdictions may also make changes related to the tax treatment of card transactions, such as imposing taxes on Card Member rewards or prohibiting interchange fees on sales tax, which could decrease the value we provide to customers and adversely impact our business.

Our operations, business, customers and partners could be adversely affected by climate-related risks.

We may face physical risks related to climate, including rising average global temperatures, rising sea levels and an increase in the frequency and severity of extreme weather events and natural disasters. Such events and disasters could disrupt our operations or the operations of customers or third parties on which we rely and could result in market volatility or negatively impact our customers’ spending behaviors or ability to pay outstanding loans. We also may face risks related to the transition to a low-carbon economy, such as changes in consumer preferences, travel patterns and legal requirements, which could impact our revenues or expenses or otherwise adversely affect our business, our customers and partners.

We may not be able to effectively identify, measure or control our exposure to climate-related risks, particularly given that the timing, nature and severity of the impacts of these risks may not be predictable. We could be criticized for the timing, scope or nature of our climate-related initiatives and goals. There can be no assurance that we will achieve these goals, which depend in part on third-party performance, data that is outside of our control and methodologies that may evolve over time. We could be required to change our business, management practices and partnerships, incur expenses from changes to our technology, operations, products and services and experience reputational harm as a result of negative public sentiment, regulatory scrutiny and reduced stakeholder confidence, due to our response or perceived lack of response to climate and environmental issues.

Credit, Market and Liquidity Risks

We are exposed to credit risk and trends that affect Card Member spending and the ability of customers and partners to pay us, which could have a material adverse effect on our results of operations and financial condition.

We are exposed to both individual credit risk, principally from consumer and small business Card Member loans and receivables, and institutional credit risk, principally from corporate Card Member loans and receivables, merchants, network partners, loyalty coalition partners and treasury and investment counterparties. Third parties may default on their obligations to us due to bankruptcy, lack of liquidity, operational failure or other reasons. General economic factors, such as recession or slow economic growth, unemployment, inflation, structural changes in the economy and interest rates, may result in greater delinquencies that lead to greater credit losses. A customer’s ability and willingness to repay us can be negatively impacted not only by economic, market, political and social conditions but also by a customer’s other payment obligations (with these factors sometimes influencing one another, such as the end of the moratorium on student loan repayments), and increasing leverage can result in a higher risk that customers will default or become delinquent in their obligations to us.

We rely principally on the customer’s creditworthiness for repayment of loans or receivables and therefore often have no other recourse for collection. Our ability to assess creditworthiness may be impaired as a result of changes in our underwriting practices or if the criteria or models we use to manage our credit risk prove inaccurate in predicting future losses, which could have a negative impact on our results of operations. This may be exacerbated to the extent information we have historically relied upon to make credit decisions does not accurately portray a customer’s creditworthiness, including as a result of the current interest rate and economic conditions. Further, our pricing strategies, particularly for new lending features and non-card lending products, may not offset the negative impact on profitability caused by increases in delinquencies and losses; thus any material increases in delinquencies and losses beyond our current estimates could have a material adverse impact on us. Although we make estimates to provide for credit losses in our outstanding portfolio of loans and receivables, these estimates may not be accurate. In addition, the information we use in managing our credit risk may be inaccurate or incomplete.

Rising indicators of credit losses, both with respect to our customers, such as delinquencies, and with respect to broader macroeconomic factors, such as current or future levels of unemployment, gross domestic product (GDP) and bankruptcies, may require us to increase our reserve for credit losses and result in future write-offs. Higher write-off rates and increases in our reserves for credit losses adversely affect our profitability and the performance of our securitizations, and may increase our cost of funds.

Although we regularly review our credit exposure to specific clients and counterparties and to specific industries, countries and regions that we believe may present credit concerns, default risk may arise from events or circumstances that are difficult to foresee or detect, such as fraud. In addition, our ability to manage credit risk or collect amounts owed to us may be adversely affected by legal or regulatory changes (such as restrictions on collections or changes in bankruptcy laws, minimum payment regulations and re-age guidance), changes in customer behavior (such as the increased use of debt settlement companies) or decreases in the effectiveness of our collections operations. Increased credit risk, whether resulting from underestimating the credit losses inherent in our portfolio of loans and receivables, deteriorating economic or political conditions (particularly in the United States, as U.S. Card Members were responsible for approximately 79 percent of our total Card Member loans and receivables outstanding as of December 31, 2025), increases in the level of loan and receivable balances, changes in our mix of business or otherwise, could require us to increase our provisions for losses and could have a material adverse effect on our results of operations and financial condition.

Table of Contents

Interest rate changes could materially adversely affect our earnings.

We had net interest income of approximately $17.4 billion for the year ended December 31, 2025. Changes in interest rates could adversely affect our net interest yield, and consequently our net interest income and results of operations, including if our borrowing costs and the interest we pay on deposits increase at a greater magnitude than the rate of interest we earn on our loans. In addition, interest rate changes or prolonged periods of elevated or depressed rates may affect customer behavior, such as by impacting the balances Card Members carry on their cards or their ability to make payments to us, general spending and economic activity, or the demand for deposit accounts. While we take actions to mitigate interest risk, such as employing hedging strategies and changing the rates we pay on deposits, these actions may not be effective and we may be limited in our ability to maintain the spread between our borrowing costs and our interest income, whether as a result of changes in benchmark rates, regulation, the competitive environment, customer behavior or otherwise. For a further discussion of our interest rate risk, see “Risk Management ― Market Risk Management Process” under “MD&A.”

We are subject to capital adequacy and liquidity rules, and if we fail to meet our capital and liquidity requirements, our business would be materially adversely affected.

As a financial institution, we are subject to extensive and complex capital and liquidity requirements. Our failure to meet current or future requirements, whether as a result of adverse business developments or changes in the applicable requirements, could compromise our competitive position and result in restrictions imposed by the Federal Reserve, or the OCC with respect to AENB, including limiting our ability to pay dividends, repurchase our capital stock, invest in our business, expand our business or engage in acquisitions. Some elements of the capital and liquidity regimes are not yet final and certain developments could significantly impact the requirements applicable to financial institutions. For example, if the U.S. federal bank regulatory agencies adopt the 2017 Basel Committee standards revisions to the standardized approach for credit risk and operational capital requirements, it could result in significantly higher regulatory capital requirements. In addition, it may be necessary for us to hold additional capital because of an increase in the SCB requirement based on results from a supervisory stress test.

Compliance with capital adequacy and liquidity rules requires a material investment of resources and may be affected by unforeseen events impacting our business or general economic conditions. An inability to meet regulatory expectations regarding our compliance with applicable capital adequacy and liquidity rules or supervisory expectations regarding capital and liquidity risk management capabilities and practices may also negatively impact the assessment of us and AENB by federal banking regulators. Additionally, as a Category III firm, we are subject to more stringent capital and liquidity requirements, which may further increase if we grow to become a Category II firm.

For more information on capital adequacy requirements, see “Supervision and Regulation — Capital and Liquidity Regulation” under “Business.”

We are subject to restrictions that limit our ability to pay dividends and repurchase our capital stock. Our subsidiaries are also subject to restrictions that limit their ability to pay dividends to us, which may adversely affect our liquidity.

We are limited in our ability to pay dividends and repurchase capital stock by our regulators, who have broad authority to prohibit any action that would be considered an unsafe or unsound banking practice. We are subject to a requirement to submit capital plans to the Federal Reserve for review that include, among other things, projected dividend payments and repurchases of capital stock. As part of the capital planning and stress testing process, our proposed capital actions are assessed against our ability to satisfy applicable capital requirements in the event of a stressed market environment. If we fail to satisfy applicable capital requirements, including the stress capital buffer, our ability to undertake capital actions may be restricted.

Our ability to declare or pay dividends on, or to purchase, redeem or otherwise acquire, shares of our common stock will be prohibited, subject to certain exceptions, in the event that we do not declare and pay in full dividends for the last preceding dividend period of our preferred stock.

We rely on dividends from our subsidiaries for liquidity, and such dividends may be limited by law, regulation or supervisory policy. For example, AENB is subject to various statutory and regulatory limitations on its declaration and payment of dividends. These limitations may hinder our ability to access funds we may need to make payments on our obligations, make dividend payments or otherwise achieve strategic objectives. In addition, as a bank holding company, we may be required to commit capital and financial resources to support AENB, which could adversely affect our liquidity.

Any future reduction or elimination of our common stock dividend or share repurchase program could adversely affect the market price of our common stock and market perceptions of American Express. For more information on bank holding company and depository institution dividend restrictions, see “Supervision and Regulation — Stress Testing and Capital Planning” and “— Dividends and Other Capital Distributions” under “Business,” as well as “Consolidated Capital Resources and Liquidity — Dividends and Share Repurchases” under “MD&A” and Note 21 to the “Consolidated Financial Statements.”

Adverse market conditions may significantly affect our access to, and cost of, capital and ability to meet liquidity needs.

Our ability to obtain financing in the capital markets, such as from unsecured term debt issuances and asset securitizations, is dependent on financial market conditions. Disruptions, uncertainty or volatility across the financial markets, as well as adverse developments affecting us, our competitors, the financial industry or the economy generally, could negatively impact market liquidity and limit our access to funding required to operate and grow our business and satisfy cash needs, maturing liabilities and regulatory capital requirements. In some circumstances, our business growth or funding needs may increase unexpectedly and/or we may incur an unattractive cost to raise capital, which could decrease profitability and significantly reduce financial flexibility. Additional factors affecting the extent to which we may securitize loans and receivables in the future include the overall credit quality of our loans and receivables, the costs of securitizing our loans and receivables, the demand for credit card asset-backed securities and the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally. Our liquidity and cost of funds would also be adversely affected by the occurrence of events that could result in the early

Table of Contents

amortization of our existing securitization transactions. For a further discussion of our liquidity and funding needs, see “Consolidated Capital Resources and Liquidity” under “MD&A.”

Any reduction in our credit ratings could increase the cost of our funding from, and restrict our access to, the capital markets and have a material adverse effect on our results of operations and financial condition.

Ratings of our long-term and short-term debt and deposits are based on a number of factors, including our financial strength, as well as factors not within our control, including conditions affecting the financial services industry, the U.S. Government and the macroeconomic environment, as well as changes made by ratings agencies to their methodologies or assumptions. Our ratings could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely limit our access to the capital markets and adversely affect the cost and other terms upon which we are able to obtain funding. Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of our asset-backed securities, it could limit our ability to access the securitization markets.

Adverse currency fluctuations and foreign exchange controls could decrease earnings we receive from our international operations.

During 2025, approximately 22 percent of our total revenues net of interest expense were generated from activities outside the United States. We are exposed to foreign exchange risk from our international operations, and accordingly the revenue we generate outside the United States is subject to unpredictable fluctuations if the values of other currencies change relative to the U.S. dollar, which could have a material adverse effect on our results of operations.

Political and economic conditions could continue to cause changes in the values of currencies and a further strengthening of the U.S. dollar will negatively impact our net revenues. Substantial and sudden devaluation of Card Members’ local currency can also affect their ability to make payment to us. Foreign exchange regulations or capital controls might restrict or prohibit the conversion of other currencies into U.S. dollars or our ability to transfer them and the availability of foreign exchange could further impact our results of operations.

An inability to attract or maintain deposits could materially adversely affect our liquidity position and our ability to fund our business.

Our U.S. bank subsidiary, AENB, accepts deposits and uses the proceeds as a source of funding, with our direct retail deposits becoming a larger proportion of our funding over time. We continue to face strong competition with regard to deposits, and pricing and product changes may adversely affect our ability to attract and retain cost-effective deposit balances. To the extent we offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Additionally, a decrease in confidence in the soundness of us or in the banking sector more broadly, such as following the occurrence of bank failures, or in the level of insurance available on deposits may cause rapid deposit withdrawals or an unwillingness to maintain deposits with us, which could materially adversely affect us and our ability to fund our business. The use of social media and similar channels has the potential to intensify and accelerate such a decrease in confidence in soundness.

Our ability to obtain deposit funding and offer competitive interest rates on deposits is also dependent on AENB’s capital levels. The FDIA’s brokered deposit provisions and related FDIC rules in certain circumstances prohibit banks from accepting or renewing brokered deposits and apply other restrictions, such as a cap on interest rates that can be paid. Additionally, our regulators can adjust applicable capital requirements at any time and have authority to place limitations on our deposit businesses. An inability to attract or maintain deposits in the future could materially adversely affect our ability to fund our business.

The value of our investments may be adversely impacted by economic, political or market conditions.

Market risk includes the loss in value of portfolios and financial instruments due to adverse changes in market variables, which could negatively impact our financial condition. We have experienced realized and unrealized losses in our Amex Ventures ™ equity investments and may experience further losses in the future. As of December 31, 2025, we held approximately $1.0 billion of investment securities, primarily consisting of debt securities, and equity investments, including certain equity method investments, totaling approximately $2.4 billion. Negative market conditions, changes in valuations or increases in default rates or bankruptcies with respect to these investments, due to economic conditions, business performance or otherwise, could have a material adverse impact on the value of our investments, potentially resulting in impairment charges. Defaults, threats of defaults or economic disruptions, even in countries or territories in which we do not have material investment exposure, conduct business or have operations, could adversely affect us.

Table of Contents

Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A)

Executive Overview

Consolidated Results of Operations

Business Segment Results of Operations

Consolidated Capital Resources and Liquidity

Risk Management

Critical Accounting Estimates

Other Matters

Quantitative and Qualitative Disclosures about Market Risk

Financial Statements and Supplementary Data

Management’s Report on Internal Control Over Financial Reporting

Report of Independent Registered Public Accounting Firm (PCAOB ID 238 )

Index to Consolidated Financial Statements

Consolidated Financial Statements

Notes to Consolidated Financial Statements

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

Controls and Procedures

Other Information

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

PART III

Directors, Executive Officers and Corporate Governance

Executive Compensation

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Certain Relationships and Related Transactions, and Director Independence

Principal Account ant Fees and Services

PART IV

Exhibit and Financial Statement Schedules

Form 10-K Summary

Signatures

Statistical Disclosure by Bank Holding Companies

Table of Contents

This Annual Report on Form 10-K contains forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995 that are subject to risks and uncertainties. You can identify forward-looking statements by words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “aim,” “will,” “may,” “should,” “could,” “would,” “likely,” “estimate,” “potential,” “continue” or other similar expressions. We discuss certain factors that affect our business and operations and that may cause our actual results to differ materially from these forward-looking statements under “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements.” You are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. We undertake no obligation to update publicly or revise any forward-looking statements.

This report includes trademarks, such as American Express ® , which are protected under applicable intellectual property laws and are the property of American Express Company or its subsidiaries. This report also contains trademarks, service marks, copyrights and trade names of other companies, which are the property of their respective owners. Solely for convenience, our trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the right of the applicable licensor to these trademarks and trade names.

Throughout this report the terms “American Express,” “we,” “our” or “us,” refer to American Express Company and its subsidiaries on a consolidated basis, unless stated or the context implies otherwise. The use of the term “partner” or “partnering” in this report does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of American Express’ relationship with any third parties. Amounts presented in this report may not sum and percentages may not recalculate due to rounding. Refer to the “Glossary of Selected Terminology” under “MD&A” for the definitions of other key terms used in this report.

Table of Contents

PART I

ITEM 1.    BUSINESS

Overview

American Express is a global payments and premium lifestyle brand powered by technology. Founded in 1850 and headquartered in New York, American Express’ card-issuing, merchant-acquiring and card network businesses offer products and services to a broad range of customers, including consumers, small businesses, mid-sized companies and large corporations around the world.

Our range of products and services includes:

• Credit and charge cards and complementary products and services, including travel, dining, lifestyle and expense management products and services

• Banking and other payment and financing products and services, including deposits and non-card lending

• Merchant acquisition and processing, servicing and settlement, fraud prevention, and point-of-sale marketing and information products and services

• Network services

These products and services are offered through various channels, including mobile and online applications, affiliate marketing, customer referral programs, third-party service providers and business partners, in-house sales teams, direct mail, telephone and direct response advertising.

We were founded as a joint stock association and incorporated in 1965 as a New York corporation. American Express Company and its principal operating subsidiary, American Express Travel Related Services Company, Inc. (TRS), are bank holding companies under the Bank Holding Company Act of 1956, as amended (the BHC Act), subject to supervision and examination by The Board of Governors of the Federal Reserve System (the Federal Reserve).

We principally engage in businesses comprising four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses are included in Corporate & Other. Our businesses function together to form our end-to-end integrated payments platform, which we believe is a differentiator that underpins our business model. For further information about our reportable operating segments, see “Business Segment Results of Operations” under “MD&A.”

Table of Contents

Our Integrated Payments Platform and Technology

Through our card-issuing, merchant-acquiring and card network businesses, we are able to connect participants and provide differentiated value across the commerce path. We maintain direct relationships with Card Members (as a card issuer) and merchants (as an acquirer), which provides us with access to information at both ends of the card transaction, distinguishing our integrated payments platform from the bankcard networks. Through contractual relationships, we also obtain information from third-party card issuers, merchant acquirers, processors and payment facilitators with whom we do business.

Our integrated payments platform and the systems and infrastructure that underlie it provide us with data and analytics, while maintaining our commitment to respect Card Member preferences and protect Card Member and merchant data in compliance with applicable policies and legal requirements. Our models and analytical tools help us reduce fraud and underwrite risk, such as in determinations regarding the extension of credit. We also leverage our technology to provide differentiated value to customers, such as special offers and benefits to Card Members and targeted marketing and other information services for merchants and partners, as well as to develop and improve our customer interfaces and service capabilities to continue to deliver a high-quality customer experience. We also continue to explore ways to deploy new and developing technologies to enhance our payments platform and customer experience, such as uses for generative artificial intelligence (AI) and the integration of our products and services in agentic commerce.

Card Issuing Businesses

We are a leader in providing general purpose credit and charge cards to consumers, small businesses, mid-sized companies and large corporations. We offer a broad set of card products, rewards and services to this premium consumer and broad commercial customer base, in the United States and internationally, through our USCS, CS and ICS reportable operating segments. We focus on differentiating American Express Membership through our Membership Model of premium products, lifestyle services for consumers and business-centric solutions for our commercial customers, and benefits for our Card Members that we co-create and co-fund with our business partners. We believe the many benefits that come with American Express Membership build a strong, emotional connection with our brand across generations and geographies.

We acquire and retain high-spending, engaged and creditworthy Card Members by designing innovative credit, charge and debit card products and payment and lending solutions that appeal to our target customer base and meet their spending and borrowing needs. We seek to provide attractive value propositions to Card Members in a number of different ways, including:

• providing incentives to drive spending on our various card products and increase customer engagement, including our Membership Rewards ® and Amex Offers ™ programs, cash-back reward features, statement credits for purchases with partners, interest rates offered on deposits and participation in loyalty programs sponsored by our cobrand and other partners;

• offering an array of benefits, services and experiences through our Membership Model, such as lounge access, dining experiences, entertainment and other travel-, lifestyle- and business-related benefits; and

• delivering on our brand attributes of trust, security and service, including by providing exceptional levels of customer care.

A key element of our Membership Model is our development of a wide range of partner relationships, including to design, cobrand and distribute certain of our cards and provide benefits, services and experiences to our Card Members. We also enhance the American Express Membership experience through a suite of digital applications and tools, such as the new Amex Travel App that we launched in 2025, which make it easier for our Card Members to engage with our products and benefits and improve their service experience.

We regularly refresh many of our card products, such as the 2025 refresh of our U.S. Consumer and Business Platinum cards, to enhance their value propositions, increase engagement with existing customers and attract new customers. We also have a number of products that complement our card products. We offer banking and financing products such as high yield savings, business and consumer checking accounts, consumer installment loans and lines of credit offered to small businesses. We also provide non-card business-to-business (B2B) payment products and cash and expense management solutions to our commercial clients, which we are enhancing through our 2025 acquisition of Center, an expense management software company. In addition, we provide Card Members with reservation capabilities and elevated dining experiences through our dining platform spanning our network of Resy ® and Tock ® restaurants and venues.

For the year ended December 31, 2025, worldwide billed business (spending on American Express cards issued by us) was $1,670 billion and as of December 31, 2025, we had 86.6 million proprietary cards-in-force worldwide. Jurisdictions that represent a significant portion of our billed business include the United States, the United Kingdom, the European Union, Australia, Japan, Canada and Mexico.

Table of Contents

Merchant Acquiring Business

Our GMNS reportable operating segment builds and manages relationships with millions of merchants around the world that choose to accept American Express cards. This includes signing new merchants to accept our cards, agreeing on the discount rate (a fee charged to the merchant for accepting our cards) and handling servicing for merchants. We also build and maintain relationships with merchant acquirers, processors and payment facilitators to manage aspects of our merchant services business. For example, through our OptBlue ® merchant-acquiring program, these third parties contract directly with small merchants for card acceptance on our network and determine merchant pricing. We continue to grow merchant acceptance of American Express cards around the world and work with merchant partners so that our Card Members are warmly welcomed and encouraged to spend in the millions of places where their American Express cards are accepted. We also seek to drive greater usage of the American Express network by deepening merchant engagement and increasing Card Member awareness through initiatives such as our Shop Small ® campaigns and expanding our payment options such as through debit and B2B capabilities.

GMNS also provides fraud-prevention tools, marketing solutions, data analytics and other programs and services to merchants and other partners that leverage the capabilities of our integrated payments platform.

Card Network Business

We operate a payments network that processes and settles transactions across the globe. To enhance and extend the reach of our global network and broaden our customer base, we establish and maintain relationships with third-party banks and other institutions in approximately 110 countries and territories through our card network business. These network partners are licensed to issue American Express-branded cards in their countries and/or serve as the merchant acquirer for local merchants on our network.

For the year ended December 31, 2025, worldwide processed volume (spending on American Express cards issued by third parties as well as alternative payment solutions facilitated by American Express) was $227.2 billion and as of December 31, 2025, we had 66.2 million cards-in-force issued by third parties worldwide.

Diverse Customer Base and Global Footprint

The following chart provides a summary of our diverse set of customers and broad geographic footprint based on worldwide network volumes:

Table of Contents

Partners and Relationships

Our integrated payments platform allows us to work with a range of business partners, and our partners in return help drive the scale and relevance of the platform.

There are many examples of how we work with partners, including: issuing cards under cobrand arrangements with other corporations and institutions (e.g., Delta Air Lines (Delta), Marriott International, British Airways and Hilton Worldwide Holdings); providing greater value to our Card Members (e.g., Amex Offers and statement credits for purchases with partners); offering innovative ways for our Card Members to earn and use points with our merchants (e.g., Pay with Points at Amazon.com); expanding merchant acceptance with third-party acquirers and processors (e.g., OptBlue program participants); offering access to payment technologies, marketing solutions and brand assets for cards issued by third-party banks, financial technology companies and other institutions on the American Express network (e.g., cards offered by Coinbase and Credit Saison); integrating into expense management processes of our business customers (e.g., Emburse and SAP Concur); enhancing our travel and lifestyle benefits and services (e.g., Fine Hotels and Resorts ® ); and providing experiences and entertainment for Card Members (e.g., via Formula 1 and AEG Worldwide). We also have an equity investment in, and commercial arrangements with, Global Business Travel Group, Inc. (GBTG), which provides business travel-related services.

Delta is our largest strategic partner. Our relationships with, and revenues and expenses related to, Delta are significant and represent an important source of value for our Card Members. We issue cards under cobrand arrangements with Delta and the Delta cobrand portfolio continued to represent approximately 13 percent of worldwide billed business and approximately 21 percent of worldwide Card Member loans as of December 31, 2025. The Delta cobrand portfolio generates fee revenue and interest income from Card Members and discount revenue from Delta and other merchants for spending on Delta cobrand cards. The current Delta cobrand agreement runs through the end of 2029 and we expect to continue to make significant investments in this partnership. Among other things, Delta is also a key participant in our Membership Rewards program, provides travel-related benefits and services, including airport lounge access for certain American Express Card Members, accepts American Express cards as a merchant and is a corporate payments customer.

Working with all of our partners, we seek to provide value, choice and unique experiences across our customer base.

Our Premium Customer Base, Revenue Mix and Membership Model

We seek to attract premium, high-spending and high-credit-quality customers and our business model focuses on generating revenues primarily by driving spending on our cards and secondarily through finance charges and fees. Spending on our cards, which is higher on average on a per-card basis versus our network competitors, offers superior value to merchants in the form of loyal customers and larger transactions, and attracts partners to provide value to our Card Members and merchants. We also aim to meet the borrowing needs of our customers through a variety of card and non-card financing products, and we charge an annual fee on many of our card products, which helps support the value offered on those products. Because of the spend, lend and fee revenues we generate, we are able to invest in our Membership Model, which provides attractive rewards and other benefits for Card Members, as well as in marketing and payment solutions for merchants. This attracts new Card Members and creates incentives for Card Members to spend more on their cards, attracts merchants and partners to provide additional value to our Membership Model and positively differentiates American Express cards.

The American Express Brand and Service Excellence

Our brand and its attributes—trust, security and service—are key assets. We invest heavily in managing, marketing, promoting and protecting our brand, including through the delivery of our products and services in a manner consistent with our brand promise. The American Express brand is ranked among the most valuable brands in the world. We place significant importance on trademarks, service marks and patents, and seek to secure our intellectual property rights around the world.

We aim to provide the world’s best customer experience every day and our reputation for world-class service has been recognized by numerous awards over the years. Our customer care professionals, travel consultants and partners treat servicing interactions as an opportunity to bring the brand to life for our customers, add meaningful value and deepen relationships. We also utilize technology to provide customers with a range of servicing channels and tools designed to meet their preferences and enhance their service experience.

Table of Contents

Our Business Strategies

We seek to grow our business by focusing on five strategic imperatives:

First, we aim to expand our leadership in the premium consumer space by continuing to deliver membership benefits that span our customers’ everyday spending, borrowing, travel and lifestyle needs, expanding our roster of business partners around the globe and developing a range of experiences that attract high-spending customers.

Second, we seek to build on our strong position in commercial payments by evolving our card value propositions, further differentiating our corporate card and accounts payable expense management solutions and designing innovative products and features, including financing, banking and payment solutions for our business customers.

Third, we are focused on strengthening our global, integrated network by continuing to increase merchant acceptance, providing merchants with fraud protection services, marketing insights and connections to higher-spending Card Members and working with our network partners to offer expanded products and services.

Fourth, we want to continue to build on our unique global position, seeking ways to use our differentiated business model and global presence as we progress against our other strategic imperatives.

Finally, we seek to reimagine our customer and colleague experiences to drive innovation, improve productivity and efficiency and enhance customer satisfaction. We added this fifth strategic imperative as technology is transforming how we work and changing our customers’ expectations.

Table of Contents

Our Colleagues

Our colleagues are integral to executing our business strategies and to our overall success. As of December 31, 2025, we employed approximately 76,800 people, whom we refer to as colleagues, with approximately 25,900 colleagues in the United States and approximately 50,900 colleagues outside the United States.

We conduct an annual Colleague Experience Survey for colleagues to share their feedback about the work environment and culture at American Express, which helps us better understand colleague sentiment across several aspects of their experience including leadership, engagement, work life, risk and controls, career development and well-being. In 2025, 91 percent of colleagues who participated in the survey said they would recommend American Express as a great place to work.

At the heart of our workplace culture are our Blue Box Values, which are a set of guiding principles that serve as the foundation for how we operate as a company and lead. We believe that maintaining our strong culture, adhering to our Blue Box Values and ensuring that our people feel respected, valued, recognized and backed helps us attract, develop and engage the right talent for American Express’ success.

We support our colleagues with competitive total compensation packages, holistic well-being programs and opportunities for career growth and development to attract and retain top talent.

Competitive Total Compensation . Our compensation programs seek to recognize colleagues for their contributions, leadership and impact, and every colleague has the opportunity to share in American Express’ success. In addition, maintaining pay equity is an important part of our compensation philosophy and is reviewed annually to ensure colleagues are compensated fairly, based on key factors such as tenure, role, level, geography, merit and performance.

Holistic Well-Being . We also provide leading benefits and take a holistic approach to well-being, providing resources that address the physical, financial and mental health of our colleagues. We support our colleagues’ physical health and well-being through our corporate wellness program, Healthy Living, which highlights the importance of preventive care, encourages and rewards healthy actions, and delivers practical and accessible resources that promote a healthy lifestyle. We also offer resources and support for our colleagues’ mental health through our Healthy Minds Program, which provides colleagues and their household members with access to free counseling and a personalized health concierge service, and aims to increase mental health awareness across American Express. Our financial well-being program, Smart Saving, provides tools and resources to help colleagues build their financial knowledge and skills for all life stages.

Career Growth & Development . We provide colleagues at all levels with access to a wide variety of resources to support their ongoing career growth and leadership development. We start with opportunities for colleagues to learn on the job, build cross-functional skills and grow in their careers through a defined, collaborative process for performance management. Colleagues have access to a number of other resources, such as career coaching, mentoring, professional networking and rotation opportunities, as well as courses on-demand and with classroom-style instruction. To help support a culture of conduct and risk management, we also require colleagues undergo trainings on laws, regulations and policies applicable to them and American Express.

Table of Contents

Information About Our Executive Officers

Set forth below, in alphabetical order, is a list of our executive officers as of February 6, 2026, including each executive officer’s principal occupation and employment during the past five years. None of our executive officers has any family relationship with any other executive officer, and none of our executive officers became an officer pursuant to any arrangement or understanding with any other person. Each executive officer has been elected to serve until the next annual election of officers or until his or her successor is elected and qualified. Each officer’s age is indicated by the number in parentheses next to his or her name.

DOUGLAS E. BUCKMINSTER —

Vice Chairman

Mr. Buckminster (65) has been Vice Chairman since April 2021. Prior thereto, he had been Group President, Global Consumer Services Group since February 2018.

HOWARD GROSFIELD —

Group President, U.S. Consumer Services

Mr. Grosfield (57) has been Group President, U.S. Consumer Services since February 2025. Prior thereto, he had been President, U.S. Consumer Services since May 2022, Executive Vice President and General Manager of U.S. Consumer Marketing and Global Premium Services since February 2021 and Executive Vice President and General Manager of U.S. Consumer Marketing Services from January 2016 to February 2021.

MONIQUE R. HERENA —

Chief Colleague Experience Officer

Ms. Herena (54) has been Chief Colleague Experience Officer since April 2019.

RAYMOND JOABAR —

Group President, Global Commercial Services

Mr. Joabar (60) has been Group President, Global Commercial Services since February 2025. Prior thereto, he had been Group President, Global Merchant and Network Services since April 2021 and President, Global Risk and Compliance and Chief Risk Officer since September 2019.

CHRISTOPHE Y. LE CAILLEC —

Chief Financial Officer

Mr. Le Caillec (60) has been Chief Financial Officer (CFO) since August 2023. Prior thereto, he had been Deputy CFO since December 2021 and Head of Corporate Planning since February 2019.

RAFAEL MARQUEZ —

President, International Card Services

Mr. Marquez (54) has been President, International Card Services since May 2022. Prior thereto, he had been President, International Consumer Services and Global Loyalty Coalition since September 2019.

ANNA MARRS —

Group President, Global Merchant and Network Services

Ms. Marrs (52) has been Group President, Global Merchant and Network Services since February 2025. Prior thereto, she had been Group President, Global Commercial Services and Credit & Fraud Risk since April 2021 and President, Global Commercial Services since September 2018.

GLENDA MCNEAL —

Chief Partner Officer

Ms. McNeal (65) has been Chief Partner Officer since February 2024. Prior thereto, she had been President, Enterprise Strategic Partnerships since March 2017.

DENISE PICKETT —

President, Enterprise Shared Services

Ms. Pickett (60) has been President, Enterprise Shared Services since February 2025. Prior thereto, she had been President, Global Services Group since September 2019.

Table of Contents

RAVI RADHAKRISHNAN —

Chief Information Officer

Mr. Radhakrishnan (54) has been Chief Information Officer since January 2022. Mr. Radhakrishnan joined American Express from Wells Fargo & Company, where he served as Chief Information Officer for the Commercial Banking and Corporate & Investment Banking businesses since May 2020.

ELIZABETH RUTLEDGE —

Chief Marketing Officer

Ms. Rutledge (64) has been Chief Marketing Officer since February 2018.

LAUREEN E. SEEGER —

Chief Legal Officer

Ms. Seeger (64) has been Chief Legal Officer since July 2014.

JENNIFER SKYLER —

Chief Corporate Affairs Officer

Ms. Skyler (49) has been Chief Corporate Affairs Officer since October 2019.

STEPHEN J. SQUERI —

Chairman and Chief Executive Officer

Mr. Squeri (66) has been Chairman and Chief Executive Officer since February 2018.

DOUGLAS TABISH —

Chief Risk Officer

Mr. Tabish (56) has been Chief Risk Officer since April 2024. Prior thereto, he had been Executive Vice President and General Manager of Global Card & Risk Operations since January 2020.

Table of Contents

COMPETITION

We compete in the global payments industry with networks, issuers, acquirers and other payment service providers and methods of payment, including paper-based transactions (e.g., cash and checks) and electronic transfers (e.g., wire transfers and Automated Clearing House (ACH)), as well as evolving and growing alternative mechanisms, systems and products that leverage new technologies, business models and customer relationships to create payment, financing or banking solutions. The payments industry continues to undergo changes in response to evolving technologies, business dynamics and competition for premium customers.

As a card issuer, we compete with financial institutions that issue general-purpose credit and debit cards, as well as businesses that issue private label cards, operate mobile wallets, provide payment services or extend credit. We face intense competition in the premium space and for cobrand relationships, as both card issuer and network competitors have targeted high-spending customers and key business partners with attractive value propositions. For example, there is heightened competition with respect to several aspects of our Card Member value propositions, such as in partnerships and other differentiated offerings (e.g., lounge space in U.S. and global hub airports, dining experiences and other experiential offerings). Our banking products also face strong competition, such as with respect to the rates offered on deposits.

Our global card network competes in the global payments industry with other card networks, including, among others, Visa, China UnionPay, Mastercard, JCB, Discover and Diners Club International (the last two of which are owned by Capital One). We are the fourth largest general-purpose card network globally based on purchase volume, behind Visa, China UnionPay and Mastercard. In addition to such networks, we compete against a range of companies globally, including merchant acquirers, processors, payment facilitators and web- and mobile-based payment platforms (e.g., Alipay, PayPal and Shop Pay), as well as regional payment networks (such as the National Payments Corporation of India).

The principal competitive factors that affect card-issuing, merchant and network businesses include:

• The features, value and quality of the products and services, including customer care, rewards programs and offers, partnerships, travel-, lifestyle- and business-related benefits (including lounges, dining and other entertainment, as well as business tools), banking services and digital and mobile services, as well as the costs associated with providing such features and services

• Reputation and brand recognition

• The number, spending characteristics and credit performance of customers

• The quantity, diversity and quality of the establishments where the cards can be used

• The attractiveness of the value proposition to cardholders, corporate clients, merchants, merchant acquirers, card issuers and processors, payment facilitators and other payment intermediaries (including the relative cost and ease of using or accepting the products and services, and capabilities such as fraud prevention and data analytics)

• The number, quality and cost of other cards and other forms of payment and financing available to customers, as well as the integration and connectivity of those products

• The security of cardholder, merchant and network partner information

• The success of marketing and promotional campaigns

• The speed of innovation and investment in systems, technologies and product and service offerings

• The nature and quality of expense management tools, electronic payment methods and data capture and reporting capabilities, particularly for business customers

Table of Contents

Another aspect of competition is the dynamic and rapid growth of alternative payment and financing mechanisms, systems and products, which include payment facilitators and processors, digital payment, open banking and electronic wallet platforms, point-of-sale lenders and buy now, pay later products, real-time settlement and processing systems, financial technology companies, digital currencies developed by both the private sector and central banks, tokenization, blockchain and similar distributed ledger technologies, prepaid systems and gift cards, and systems linked to customer accounts or that provide payment solutions. The development of agentic commerce solutions, in which autonomous or semi-autonomous AI agents initiate and execute transactions on behalf of users, has accelerated as generative AI technologies have advanced and become more popular. In addition, the use of stablecoins, which can be used for payments in a number of settings, including in e-commerce and cross-border and B2B payments, has grown. The integration of these and other new or evolving technologies has the potential to create new or better competitor products, alter the competitive environment and reshape customer payment experiences, including in ways that disintermediate our relationship with customers. Furthermore, the business models and cost structures of competitors in these areas may differ from ours, such as those of certain financial technology companies, which can provide them with a number of advantages, including differing revenue streams, lower costs, greater scale or ability to pursue and adopt new technologies and less stringent regulatory requirements, and may enable them to disintermediate us from our customers. Additionally, various competitors are integrating more financial services into their product offerings and seeking to attain the benefits of an integrated payments platform, such as ours.

In addition to the discussion in this section, see “ Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry ” under “Risk Factors” for further discussion of the potential impact of competition on our business, and “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” and “ Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand ” under “Risk Factors” for a discussion of the potential impact on our ability to compete effectively due to government regulations or if ongoing legal proceedings limit our ability to prevent merchants from engaging in various actions that discriminate against our card products.

Table of Contents

SUPERVISION AND REGULATION

Overview

We are subject to evolving and extensive government regulation and supervision in jurisdictions around the world, and the costs of ongoing compliance are substantial. The financial services industry is subject to rigorous scrutiny, high regulatory expectations, a range of regulations and a stringent and unpredictable enforcement environment.

Governmental authorities have focused, and we believe will continue to focus, considerable attention on reviewing compliance by financial services firms and payment systems with laws and regulations, and as a result, we continually work to evolve and improve our risk management framework, governance structures, practices and procedures. Reviews by us and governmental authorities to assess compliance with laws and regulations, as well as our own internal reviews to assess compliance with internal policies, including errors or misconduct by colleagues or third parties or control failures, have resulted in, and are likely to continue to result in, changes to our products, practices and procedures, restitution to our customers and increased costs related to regulatory oversight, supervision and examination. We have also been subject to regulatory actions and may continue to be the subject of such actions, including governmental inquiries, investigations, enforcement proceedings and the imposition of fines or civil money penalties, in the event of noncompliance or alleged noncompliance with laws or regulations.

Policymakers around the world continue to propose and adopt new and increasingly complex laws and regulations governing a wide variety of issues that may impact our business or change our operating environment in substantial and unpredictable ways. For example, legislators and regulators in various countries in which we operate have focused on the offering of consumer financial products and the operation of payment networks, resulting in changes to certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, the establishment of broad and ongoing regulatory oversight regimes.

The following discussion summarizes elements of the extensive regulatory environment in which we operate; it does not purport to be complete or to describe all of the laws or regulations to which we are subject or all possible or proposed changes in laws or regulations that may become applicable to us. See “Operational and Compliance Risks” under “Risk Factors” for a discussion of the potential impact that changes in applicable law or regulation, and in their interpretation and application by regulatory agencies and other governmental authorities, may have on our business, results of operations and financial condition.

Banking Regulation

American Express entities are subject to banking regulation in the United States and in certain jurisdictions internationally. U.S. federal and state banking laws, regulations and policies extensively regulate the Company, TRS and our U.S. bank subsidiary, American Express National Bank (AENB). For purposes of this Supervision and Regulation section, the “Company” refers only to American Express Company, a bank holding company, and does not include its subsidiaries. Both the Company and TRS are subject to comprehensive consolidated supervision, regulation and examination by the Federal Reserve and AENB is supervised, regulated and examined by the Office of the Comptroller of the Currency (OCC) and with respect to certain matters by the Federal Deposit Insurance Corporation (FDIC). The Company and its subsidiaries are also subject to the rulemaking, enforcement and examination authority of the Consumer Financial Protection Bureau (CFPB). Banking regulators have broad examination and enforcement powers, including the power to impose substantial fines, limit dividends and other capital distributions, restrict operations and acquisitions and require divestitures, any of which could compromise our competitive position. Many aspects of our business also are subject to rigorous regulation by other U.S. federal and state regulatory agencies and by non-U.S. government agencies and regulatory bodies. For example, non-U.S. regulators supervising our international regulated financial institutions use many of the same principles of regulation and supervision that are used by U.S. federal bank regulators.

Table of Contents

Activities

The BHC Act generally limits bank holding companies to activities that are considered to be banking activities and certain closely related activities. As noted above, each of the Company and TRS is a bank holding company and each has elected to become a financial holding company, which is authorized to engage in a broader range of financial and related activities. In order to remain eligible for financial holding company status, the Company and TRS must meet certain eligibility requirements. Those requirements include that each of the Company and AENB must be “well capitalized” and “well managed,” and AENB must have received at least a “satisfactory” rating on its most recent assessment under the Community Reinvestment Act of 1977 (the CRA). The Company, TRS and their subsidiaries engage in various activities permissible only for financial holding companies, including, in particular, providing travel agency services, acting as a finder and engaging in certain insurance underwriting and agency services. If the Company fails to meet eligibility requirements for financial holding company status, it and its subsidiaries are likely to be barred from engaging in new types of financial activities or making certain types of acquisitions or investments in reliance on its status as a financial holding company, and ultimately could be required to either discontinue the broader range of activities permitted to financial holding companies or divest AENB. In addition, the Company and its subsidiaries are prohibited by law from engaging in practices that regulatory authorities deem unsafe or unsound (which such authorities generally interpret broadly) and regulatory authorities have discretion in determining whether new or modified activities can be conducted in a safe and sound manner.

Acquisitions and Investments

Applicable federal and state laws place limitations on the ability of persons to invest in or acquire control of us without providing notice to or obtaining the approval of one or more of our regulators. In addition, we are subject to banking laws and regulations that limit our investments and acquisitions and, in some cases, subject them to the prior review and approval of our regulators, including the Federal Reserve and the OCC. Federal banking regulators have broad discretion in evaluating proposed acquisitions and investments that are subject to their prior review or approval.

Enhanced Prudential Standards

The Company is subject to the U.S. federal bank regulatory agencies’ rules that tailor the application of enhanced prudential standards to bank holding companies and depository institutions with $100 billion or more in total consolidated assets. Under these rules, each such bank holding company is assigned to one of four categories based on its status as a U.S. global systemically important banking organization and five other risk-based indicators: (i) total assets, (ii) cross-jurisdictional activity, (iii) non-bank assets, (iv) off-balance sheet exposure, and (v) weighted short-term wholesale funding, with the most stringent requirements applying to Category I firms and the least stringent requirements applying to Category IV firms. Under these rules, the Company has been a Category III firm since 2024 as a result of the Company’s total consolidated assets exceeding $250 billion. Category III firms are subject to heightened capital, liquidity and prudential requirements, single-counterparty credit limits and additional stress tests, which in some cases are subject to a transition period. AENB, as a depository institution subsidiary of a Category III firm, is also subject to certain enhanced prudential standards under these tailoring rules as described below.

Further changes in the levels of the risk-based indicators described above, such as if we have $75 billion or more in cross-jurisdictional activity (based on a four-quarter trailing average), could result in the Company becoming a Category II firm and subject to more stringent capital, liquidity and prudential requirements. Our cross-jurisdictional activity was $76 billion as of December 31, 2025, and the four-quarter trailing average was $73 billion.

Capital and Liquidity Regulation

Capital Rules

The Company and AENB are required to comply with the applicable capital adequacy rules established by federal banking regulators. These rules are intended to ensure that bank holding companies and depository institutions (collectively, banking organizations) have adequate capital given their level of assets and off-balance sheet obligations. The federal banking regulators’ current capital rules (the Capital Rules) implement the Basel Committee on Banking Supervision’s (the Basel Committee) framework for strengthening international capital regulation, known as Basel III. For additional information regarding our capital ratios, see “Consolidated Capital Resources and Liquidity” under “MD&A.”

Table of Contents

Under the Capital Rules, banking organizations are required to maintain minimum ratios for Common Equity Tier 1 (CET1 capital), Tier 1 capital (that is, CET1 capital plus additional Tier 1 capital) and Total capital (that is, Tier 1 capital plus Tier 2 capital) to risk-weighted assets. We report our capital adequacy ratios using risk-weighted assets calculated under the standardized approach. Category III firms such as the Company are not subject to the advanced approaches capital requirements, whereas Category II firms are subject to the advanced approaches capital requirements under current capital rules, which introduce additional complexities in the methodologies used to calculate risk-weighted assets for purposes of determining capital adequacy ratios.

In 2017, the Basel Committee published standards that, among other things, revise the standardized approach for credit risk (including by recalibrating risk weights and introducing additional capital requirements for certain “unconditionally cancellable commitments” such as unused credit card lines of credit) and provide a new standardized calculation for operational risk capital requirements. In 2023, the U.S. federal bank regulatory agencies issued a notice of proposed rulemaking to implement and supplement the Basel Committee standards, which would have significantly revised U.S. regulatory capital requirements for large banking organizations, including the Company and AENB. The U.S. federal bank regulatory agencies have subsequently indicated that they intend to work on a revised proposal; however, any future rulemaking with respect to the Basel Committee standards remains uncertain. The ultimate impact of any such rulemaking will depend on a number of factors, including the content of the final rulemaking, future minimum regulatory requirements and management decisions regarding our product constructs, capital distributions and target capital levels, and such rulemaking could result in significantly higher regulatory capital requirements for the Company and AENB.

The Company and AENB must each maintain CET1 capital, Tier 1 capital and Total capital ratios of at least 4.5 percent, 6.0 percent and 8.0 percent, respectively. On top of these minimum capital ratios, the Company is subject to a dynamic stress capital buffer (SCB) composed entirely of CET1 capital with a floor of 2.5 percent and AENB is subject to a static 2.5 percent capital conservation buffer (CCB). The SCB equals (i) the difference between a bank holding company’s starting and minimum projected CET1 capital ratios under the supervisory severely adverse scenario under the Federal Reserve’s stress tests described below, plus (ii) one year of planned common stock dividends as a percentage of risk-weighted assets. The required minimum capital ratios for the Company may be further increased by a countercyclical capital buffer of up to an additional 2.5 percent of risk-weighted assets, if enacted by the Federal Reserve, which must be held in the form of CET1 capital. The countercyclical capital buffer is currently set at zero percent; however it could change in the future. If the Federal Reserve were to raise the countercyclical capital buffer, covered banking organizations such as the Company would generally have 12 months after the announcement of such increase to meet the increased buffer requirement, unless the Federal Reserve sets an earlier effective date.

On August 29, 2025, the Federal Reserve confirmed the SCB for the Company of 2.5 percent, which remained unchanged from the level announced in August 2024. As a result, the effective minimum ratios for the Company (taking into account the SCB requirement) and AENB (taking into account the CCB requirement) are 7.0 percent, 8.5 percent and 10.5 percent for the CET1 capital, Tier 1 capital and Total capital ratios, respectively. Banking organizations with ratios of CET1 capital, Tier 1 capital or Total capital to risk-weighted assets below these effective minimum ratios face constraints on discretionary distributions such as dividends, repurchases and redemptions of capital securities and executive compensation. A bank holding company’s SCB requirement is effective on October 1 of each year and will remain in effect through September 30 of the following year unless it is reset in connection with resubmission of a capital plan, as discussed below.

On April 17, 2025, the Federal Reserve issued a notice of proposed rulemaking that would make certain changes to the SCB calculation for Category I to III firms such as the Company, including (i) using the average of the maximum CET1 declines projected in each of the two most recent annual supervisory stress tests to determine a firm’s SCB, while retaining the 2.5 percent floor; and (ii) moving the effective date of the stress capital buffer requirement in a given year from October 1 to January 1.

The Company is also required to comply with minimum leverage ratio requirements. The leverage ratio is the ratio of a banking organization’s Tier 1 capital to its average total consolidated assets (as defined for regulatory purposes). The Company is also subject to a minimum supplementary leverage ratio, which is the ratio of Tier 1 capital to an expanded concept of leverage exposure that takes into account both on‐balance sheet assets and certain off‐balance sheet exposures. All banking organizations are required to maintain a leverage ratio of at least 4.0 percent, and Category III banking organizations such as the Company are required to maintain a minimum supplementary leverage ratio of 3.0 percent.

Table of Contents

Liquidity Regulation

The Company and AENB are subject to two standards for liquidity risk supervision as implemented by the Federal Reserve and OCC: the minimum liquidity coverage ratio (LCR) and the net stable funding ratio (NSFR). The LCR is designed to ensure that a banking entity maintains an adequate level of unencumbered high-quality liquid assets to meet its liquidity needs for a 30-day time horizon under an acute liquidity stress scenario specified by supervisors. The LCR measures the ratio of a firm’s high-quality liquid assets to its projected net outflows. The NSFR requires a minimum amount of longer-term funding sources based on the assets, commitments and derivative exposures of banking entities. As a Category III firm with less than $75 billion in weighted short-term wholesale funding, the Company, and its depository institution subsidiary, AENB, are required to calculate the LCR and NSFR on a daily basis, with total net cash outflows and required stable funding, respectively, multiplied by an adjustment of 85 percent. The Company is required to make public disclosures related to its LCR on a quarterly basis beginning with respect to the first quarter of 2026 and NSFR on a semi-annual basis beginning with respect to the first and second quarters of 2026. Category II firms and their depository institution subsidiaries are subject to the full requirements of the LCR and NSFR, as well as a requirement to submit a liquidity monitoring report on a daily (rather than monthly) basis.

In addition, the Federal Reserve’s enhanced prudential standards rule includes heightened liquidity and risk management requirements. The rule requires the maintenance of a liquidity buffer, consisting of highly liquid assets, that is sufficient to meet projected net outflows for 30 days over a range of liquidity stress scenarios. In contrast to the LCR, which is a standardized approach, the liquidity buffer requirement is calculated based on the Company’s own models.

Stress Testing and Capital Planning

Under the Federal Reserve’s regulations, the Company is subject to annual supervisory stress testing requirements and biennial company-run stress testing requirements (commonly referred to as Dodd-Frank Act Stress Tests or “DFASTs”) that are designed to evaluate whether a bank holding company has sufficient capital on a total consolidated basis to absorb losses and support operations under adverse economic conditions. Category II firms are required to conduct DFASTs on an annual rather than biennial basis.

As part of the Comprehensive Capital Analysis and Review (CCAR), the Federal Reserve uses pro-forma capital positions and ratios under stress scenarios to determine the size of the SCB for each CCAR participating firm. The Company is required to develop and submit to the Federal Reserve an annual capital plan and stress testing results on or before April 5 of each year.

The Company may be required to revise and resubmit its capital plan following certain events or developments, such as a significant acquisition or an event that could result in a material change in its risk profile or financial condition. If the Company is required to resubmit its capital plan, it must receive prior approval from the Federal Reserve for any capital distributions (including common stock dividend payments and share repurchases), other than a capital distribution on a newly issued capital instrument.

Dividends and Other Capital Distributions

The Company and TRS, as well as AENB and the Company’s insurance and other regulated subsidiaries, are limited in their ability to pay dividends by statutes, regulations and supervisory policy.

Common stock dividend payments and share repurchases by the Company are subject to the oversight of the Federal Reserve and the outcome of the annual CCAR stress testing exercise, as described above. The Company will be subject to limitations and restrictions on capital distributions if, among other things, (i) the Company’s regulatory capital ratios do not satisfy applicable minimum requirements and buffers or (ii) the Company is required to resubmit its capital plan.

In general, federal laws and regulations prohibit, without first obtaining the OCC’s approval, AENB from making dividend distributions to TRS, if such distributions are not paid out of available recent earnings or would cause AENB to fail to meet capital adequacy standards. In addition to specific limitations on the dividends AENB can pay to TRS, federal banking regulators have authority to prohibit or limit the payment of a dividend if, in the banking regulator’s opinion, payment of a dividend would constitute an unsafe or unsound practice in light of the financial condition of the institution.

Prompt Corrective Action

The Federal Deposit Insurance Act (FDIA) requires, among other things, that federal banking regulators take prompt corrective action in respect of depository institutions insured by the FDIC (such as AENB) that do not meet minimum capital requirements. The FDIA establishes five capital categories for FDIC-insured banks: well capitalized, adequately capitalized, undercapitalized, significantly undercapitalized and critically undercapitalized. The FDIA imposes progressively more restrictive constraints on operations, management and capital distributions, depending on the capital category in which an institution is classified. In order to be considered “well capitalized,” AENB must maintain CET1 capital, Tier 1 capital, Total capital and Tier 1 leverage ratios of 6.5 percent, 8.0 percent, 10.0 percent and 5.0 percent, respectively.

Table of Contents

Under the FDIA, AENB could be prohibited from accepting brokered deposits (i.e., deposits raised through third-party brokerage networks) or offering interest rates on any deposits significantly higher than the prevailing rate in its normal market area or nationally (depending upon where the deposits are solicited), unless (1) it is well capitalized or (2) it is adequately capitalized and receives a waiver from the FDIC. A portion of our outstanding U.S. retail deposits are considered brokered deposits for bank regulatory purposes. If a federal regulator determines that we are in an unsafe or unsound condition or that we are engaging in unsafe or unsound banking practices, the regulator may reclassify our capital category or otherwise place restrictions on our ability to accept or solicit brokered deposits.

Resolution Planning

Certain bank holding companies are required to submit resolution plans to the Federal Reserve and FDIC providing for the company’s strategy for rapid and orderly resolution in the event of its material financial distress or failure. As a Category III firm, the Company is required to submit a holding company resolution plan every three years, with submissions alternating between a full plan and a plan targeted on certain areas or subjects identified by the Federal Reserve and the FDIC. The Company submitted its most recent holding company resolution plan in 2025. If the Federal Reserve and the FDIC determine that the Company’s plan is not credible and we fail to cure the deficiencies, we may be subject to more stringent capital, leverage or liquidity requirements; may be subject to more restrictions on our growth, activities or operations; or may ultimately be required to divest certain assets or operations to facilitate an orderly resolution.

AENB continues to be required to prepare and provide a separate resolution plan to the FDIC that would enable the FDIC, as receiver, to effectively resolve AENB under the FDIA in the event of failure. In 2024, the FDIC issued a final rule revising its resolution plan requirements for insured depository institutions, which requires certain insured depository institutions with $100 billion or more in assets, including AENB, to submit full resolution plans every three years with interim supplements in non-submission years. AENB submitted its initial interim supplement in 2025 and will be required to submit its initial resolution plan under the final rule on or before July 1, 2026.

Orderly Liquidation Authority

The Company could become subject to the Orderly Liquidation Authority (OLA), a resolution regime under which the Treasury Secretary may appoint the FDIC as receiver to liquidate a systemically important financial institution, if the Company is in danger of default and is determined to present a systemic risk to U.S. financial stability. As under the FDIC resolution model, under the OLA, the FDIC has broad power as receiver. Substantial differences exist, however, between the OLA and the U.S. Bankruptcy Code, including the right of the FDIC under the OLA to disregard the strict priority of creditor claims in limited circumstances, the use of an administrative claims procedure to determine creditor claims (as opposed to the judicial procedure used in bankruptcy proceedings), and the right of the FDIC to transfer claims to a “bridge” entity.

The FDIC has developed a strategy under OLA, referred to as the “single point of entry” or “SPOE” strategy, under which the FDIC would resolve a failed financial holding company by transferring its assets (including shares of its operating subsidiaries) and, potentially, very limited liabilities to a “bridge” holding company; utilize the resources of the failed financial holding company to recapitalize the operating subsidiaries; and satisfy the claims of unsecured creditors of the failed financial holding company and other claimants in the receivership by delivering securities of one or more new financial companies that would emerge from the bridge holding company. Under this strategy, management of the failed financial holding company would be replaced and its shareholders and creditors would bear the losses resulting from the failure.

FDIC Powers upon Insolvency of AENB

If the FDIC is appointed the conservator or receiver of AENB, the FDIC has the power to: (1) transfer any of AENB’s assets and liabilities to a new obligor without the approval of AENB’s creditors; (2) enforce the terms of AENB’s contracts pursuant to their terms; or (3) repudiate or disaffirm any contract or lease to which AENB is a party, the performance of which is determined by the FDIC to be burdensome and the disaffirmation or repudiation of which is determined by the FDIC to promote the orderly administration of AENB. In addition, the claims of holders of U.S. deposit liabilities and certain claims for administrative expenses of the FDIC against AENB would be afforded priority over other general unsecured claims against AENB, including claims of debt holders and depositors in non-U.S. offices, in the liquidation or other resolution of AENB. As a result, regardless of whether the FDIC ever sought to repudiate any debt obligations of AENB, the debt holders and depositors in non-U.S. offices would be treated differently from, and could receive substantially less, if anything, than the depositors in the U.S. offices of AENB.

Table of Contents

Other Banking Regulations

Source of Strength

The Company is required to act as a source of financial and managerial strength to its U.S. bank subsidiary, AENB, and may be required to commit capital and financial resources to support AENB. Such support may be required at times when, absent this requirement, the Company otherwise might determine not to provide it. Capital loans by the Company to AENB are subordinate in right of payment to deposits and to certain other indebtedness of AENB. In the event of the Company’s bankruptcy, any commitment by the Company to a federal banking regulator to maintain the capital of AENB will be assumed by the bankruptcy trustee and entitled to a priority of payment.

Transactions Between AENB and its Affiliates

Certain transactions (including loans and credit extensions from AENB) between AENB and its affiliates (including the Company, TRS and their other subsidiaries) are subject to quantitative and qualitative limitations, collateral requirements and other restrictions imposed by statute and regulation. Transactions subject to these restrictions are generally required to be made on an arm’s-length basis.

FDIC Deposit Insurance and Insurance Assessments

AENB accepts deposits that are insured by the FDIC up to the applicable limits. Under the FDIA, the FDIC may terminate the insurance of an institution’s deposits upon a finding that the institution has engaged in unsafe or unsound practices; is in an unsafe or unsound condition to continue operations; or has violated any applicable law, regulation, rule, order or condition imposed by the FDIC. We do not know of any practice, condition or violation that would lead to termination of deposit insurance at AENB. The FDIC’s deposit insurance fund is funded by assessments on insured depository institutions, including AENB, which are subject to adjustment by the FDIC.

Community Reinvestment Act

AENB is subject to the CRA, which imposes affirmative, ongoing obligations on depository institutions to meet the credit needs of their local communities, including low- and moderate-income neighborhoods, consistent with the safe and sound operation of the institution. AENB is currently designated a “limited purpose bank” under CRA regulations.

Consumer Financial Products Regulation

Our consumer-oriented activities are subject to regulation and supervision in the United States and internationally. In the United States, our marketing, sale and servicing of consumer financial products and our compliance with certain federal consumer financial laws are supervised and examined by the CFPB, which has broad rulemaking and enforcement authority over providers of credit, savings and payment services and products, and authority to prevent “unfair, deceptive or abusive” acts or practices. The CFPB has the authority to write regulations under federal consumer financial protection laws, to enforce those laws and to examine for compliance. It is also authorized to collect fines and require consumer restitution in the event of violations, engage in consumer financial education, track consumer complaints, request data and promote the availability of financial services to underserved consumers and communities. U.S. federal law also regulates abusive debt collection practices, which, along with bankruptcy and debtor relief laws, can affect our ability to collect amounts owed to us or subject us to regulatory scrutiny. In addition, a number of U.S. states have significant consumer credit protection, disclosure and other laws (in certain cases more stringent than U.S. federal laws). State regulators and state attorneys general may increase regulatory, investigative and enforcement activity with respect to consumer protection, including in response to changes in regulation, supervision and enforcement of consumer protection laws by federal regulators.

In 2024, the CFPB issued a final rule on personal financial data rights that requires financial institutions, including us, and other financial service providers (collectively referred to as data providers) to provide consumers and consumer-authorized third parties with access to consumers’ financial data in electronic form free of charge. In July 2025, a court granted the CFPB’s request to stay litigation challenging the final rule following the CFPB’s announcement that it would reexamine the final rule and in August 2025, the CFPB issued an advance notice of proposed rulemaking seeking input to inform its revisions to the final rule. While the impact of the CFPB’s rulemaking will depend upon the content of the final rule, this rulemaking and other open banking initiatives have the potential to change the competitive landscape, presenting challenges to our business model, such as limiting advantages provided by our integrated payments platform, as well as opportunities since we may also act as an authorized third party and receive data from data providers.

Table of Contents

We are also regulated in the United States under the “money transmitter” or “sale of check” laws in effect in most states. In addition, we are required by the laws of many states to comply with unclaimed and abandoned property laws, under which we must pay to states the face amount of any Travelers Cheque or prepaid card that is uncashed or unredeemed after a period of time depending on the type of product. Additionally, we are regulated under insurance laws in the United States and other countries where we offer insurance services. Our merchant acquiring business, and the third-party merchant acquirers, processors and payment facilitators with whom we have relationships, are also subject to certain aspects of regulation under consumer protection laws, such as by the Federal Trade Commission.

In countries outside the United States, regulators continue to focus on a number of key areas impacting our card-issuing businesses, particularly consumer protection (such as in the EU, the UK and Canada) and responsible lending (such as in Australia, Mexico, New Zealand and Singapore), with increasing importance on and attention to customers and outcomes rather than just ensuring compliance with local rules and regulations. For example, the Financial Conduct Authority’s Consumer Duty in the UK, among other things, requires firms to act to deliver “good outcomes” for retail customers with respect to products and services, price and value, consumer understanding and consumer support. Regulators’ expectations of firms in relation to their compliance, risk and control frameworks continue to increase and regulators are placing significant emphasis on a firm’s systems and controls relating to the identification and resolution of issues.

Payments Regulation

Legislators and regulators in various countries in which we operate have focused on the operation of card networks, including through enforcement actions, legislation and regulations to change certain practices or pricing of card issuers, merchant acquirers and payment networks, and, in some cases, to establish broad regulatory regimes for payment systems.

Pricing for card acceptance, including interchange fees (that is, the fee paid by the bankcard merchant acquirer to the card issuer in payment networks like Visa and Mastercard), has been a focus of legislators and regulators in Australia, Canada, the EU, the United States and other jurisdictions. Recently, certain states in the United States have passed or are considering laws prohibiting interchange from being charged on all or certain components of transactions, such as sales tax and gratuities. Jurisdictions have also sought to regulate various other aspects of network operations and contract terms and practices governing merchant card acceptance, including information associated with electronic transactions, such as state legislation regarding the use of specific merchant categories codes or limiting the use of transaction data.

Regulation and other governmental actions relating to operations, pricing or practices could affect all networks and/or acquirers directly or indirectly, as well as adversely impact consumers and merchants. Among other things, regulation of bankcard fees has negatively impacted, and may continue to negatively impact, the discount revenue we earn, including as a result of downward pressure on our merchant discount rates from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend to certain aspects of our business, such as network and cobrand arrangements or the terms of card acceptance for merchants. For example, we exited our network business in the EU and Australia as a result of regulation in those jurisdictions. In addition, there is uncertainty as to when or how interchange fee caps and other provisions of the EU payments legislation might apply when we work with cobrand partners and agents in the EU. In 2018, the EU Court of Justice (CJEU) confirmed the validity of fee capping and other provisions in circumstances where three-party networks issue cards with a cobrand partner or through an agent, although its ruling provided only limited guidance as to when or how the provisions might apply in such circumstances and remains subject to differing interpretations by regulators and participants in cobrand arrangements. In 2024, the CJEU held a hearing on questions referred by the Dutch Trade and Industry Appeals Tribunal regarding the interpretation of the application of the interchange fee caps in connection with an administrative proceeding by the Netherlands Authority for Consumers and Markets regarding our cobrand relationship with KLM Royal Dutch Airlines. As a precursor to the CJEU’s final ruling, an advisory opinion was issued by the Advocate General in March 2025, advising the CJEU that our payments to the cobrand partner can be subject to the interchange fee caps but certain payments and services provided by the cobrand partner could potentially be netted against such payments for purposes of determining the capped amount. The advisory opinion is not binding on the CJEU and there can be no assurance as to the outcome of the proceeding. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. See “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” under “Risk Factors.”

Table of Contents

In various countries, such as certain Member States in the EU, Australia and Canada (other than in the Province of Quebec), merchants are permitted by law to surcharge card purchases. Certain jurisdictions are also reconsidering or may in the future reconsider their laws relating to surcharging, such as in Australia where the central bank released a consultation paper in July 2025 proposing to remove surcharging on designated card networks; however, the implementation and impact of any such proposals remain uncertain. In the United States, a number of state laws that prohibit surcharging have been overturned and certain states have passed or are considering laws to permit surcharging by merchants. In jurisdictions allowing surcharging, we have seen an increase in merchant surcharging on American Express cards, particularly in certain merchant categories. Surcharging is an adverse customer experience and could have a material adverse effect on us, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business. In addition, we also encounter steering or differential acceptance practices by merchants, which could also have a material adverse effect on us. See “ Surcharging, steering or other differential acceptance practices by merchants could materially adversely affect our business and results of operations ” under “Risk Factors.”

Central banks and other regulators have also established, or are seeking to establish, oversight over payment networks and other participants, including with respect to governance, risk management, resilience, transparency and access. For example, in November 2025, the Central Bank of Brazil issued a resolution which, among other things, will increase the responsibility of payment networks for the settlement of transactions on the network, including obligations in relation to issuer defaults, under revised network rules to be submitted by May 2026. Additionally, governments in some countries have established regulatory regimes that require international card networks to be locally licensed and/or to localize aspects of their operations. For example, the Reserve Bank of India, which has broad power under the Payment and Settlement Systems Act, 2007 to regulate the membership and operations of card networks, issued a mandate requiring payment systems operators in India to store certain payments data locally. In 2021, it imposed restrictions on American Express Banking Corp. from engaging in certain card issuing activities in India, which were lifted in 2022 following significant investment in technology, infrastructure and resources to comply with the regulation. The development and enforcement of these and other similar laws, regulations and policies heightens our exposure to third parties, increases costs and complexity of doing business and adversely affects our ability to compete effectively and maintain and extend our global network.

Privacy, Data Protection, Data Management, AI, Resiliency, Information Security and Cybersecurity

Regulatory and legislative activity in the areas of privacy, data protection, data management, AI, resiliency, information security and cybersecurity continues to increase worldwide. We have established, and continue to maintain, policies and a governance framework to comply with applicable laws and requirements in these areas, meet evolving customer and industry expectations and support and enable business innovation and growth; however, our policies and governance framework may not be sufficient given the size and complexity of our business and heightened regulatory scrutiny.

Our regulators are increasingly focused on ensuring that our privacy, data protection, data management, AI, resiliency, information security and cybersecurity-related policies and procedures are adequate to inform customers of our data collection, use, sharing, retention and/or security practices, to provide them with choices, if required, about how we use and share their information, and to appropriately safeguard their personal information and account access. Regulators are also focused on end-to-end management of data, technology infrastructure and architecture, technology operations, resiliency and business continuity, and third-party risk management policies and practices, with regulatory expectations continuing to increase as we grow in size. For example, the EU Digital Operational Resilience Act requires EU financial entities to have a comprehensive governance and risk management framework for information and communications technology risk. In addition, regulators and legislators have heightened their focus on the use of AI and machine learning (ML) through the application of existing laws and regulations as well as by adopting new laws and regulations, such as the EU AI Act and AI legislation in several U.S. states (e.g., in California, Colorado and Utah). These new and emerging laws and regulations are reshaping how we develop, deploy and manage AI systems, including by imposing new obligations related to data use, recordkeeping, transparency and human oversight.

In the United States, certain of our businesses are subject to the privacy, disclosure and safeguarding provisions of the Gramm-Leach-Bliley Act (GLBA) and its implementing regulations and guidance. Among other things, GLBA imposes certain limitations on our ability to share consumers’ nonpublic personal information with nonaffiliated third parties and requires us to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the size and complexity of our business, the nature and scope of our activities and the sensitivity of customer information that we process. We also have expanded privacy-related obligations with respect to California residents who are not covered by GLBA, pursuant to the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020. Various regulators and other U.S. states and territories are considering similar requirements or have adopted laws, rules and regulations pertaining to privacy and/or information security and cybersecurity that may be more stringent and/or expansive than federal requirements.

Table of Contents

We are also subject to certain privacy, data protection, data management, AI, resiliency, information security and cybersecurity laws in other countries in which we operate, some of which are more stringent and/or expansive than those in the United States and may conflict with each other. The EU and UK General Data Protection Regulations (GDPR) impose legal and compliance obligations on companies that process personal data of individuals in the EU and UK, irrespective of the geographical location of the company, with the potential for significant fines for non-compliance (up to 4 percent of total annual worldwide revenue). The EU and UK GDPR also include requirements concerning the cross-border transfer of personal data and prompt notification of data breaches, in certain circumstances, to affected individuals and supervisory authorities. We are also subject to certain data protection laws in Member States in the EU, which may be more stringent than the EU GDPR. Other countries have also adopted or are considering similar omnibus privacy laws, including Australia, Brazil, Canada, China, India, Japan, the Philippines, Singapore, South Korea and Thailand. Certain countries also require in-country data processing and/or in-country storage of data or for us to provide foreign governments and other third parties broader access to our data and intellectual property. Data breach and operational outage notification laws or regulatory activities to encourage such notifications and regulatory activity and laws around resiliency, business continuity and third-party risk management are also becoming more prevalent in jurisdictions outside the United States in which we operate.

Our privacy and data protection programs have become the subject of heightened scrutiny and review in certain jurisdictions, including in the EU, and we continue to enhance our privacy program to comply with applicable requirements and regulatory expectations. Our compliance with the various and often diverging legal frameworks around privacy, data protection, AI, resiliency, information security and cybersecurity, as well as increased regulatory and legislative activity in these areas, may result in higher technology, administrative and other operational costs and hinder our ability to deploy and scale technology, innovate quickly and effectively utilize data.

Anti-Money Laundering, Countering the Financing of Terrorism, Economic Sanctions and Anti-Corruption Compliance

We are subject to significant supervision and regulation, and an increasingly stringent enforcement environment, with respect to compliance with anti-money laundering (AML), countering the financing of terrorism (CFT), sanctions and anti-corruption laws and regulations. Failure to maintain and implement adequate programs and policies and procedures for AML/CFT, sanctions and anti-corruption compliance could have material financial, legal and reputational consequences. Additionally, our AML/CFT, sanctions and anti-corruption compliance programs may limit our ability to pursue certain business opportunities or affect our relationships with certain partners, service providers and other third parties.

Anti-Money Laundering and Countering the Financing of Terrorism

We are subject to a significant number of AML/CFT laws and regulations globally.

In the United States, the majority of AML/CFT requirements are derived from the Currency and Foreign Transactions Reporting Act and the accompanying regulations issued by the U.S. Department of the Treasury (collectively referred to as the Bank Secrecy Act), as amended by the USA PATRIOT Act of 2001. The Anti-Money Laundering Act of 2020 (the AMLA), enacted in January 2021, amended the Bank Secrecy Act and is intended to comprehensively reform and modernize U.S. AML/CFT laws. Many of the statutory provisions in the AMLA will require additional rulemakings, reports and other measures, and the impact of the AMLA will depend on, among other things, rulemaking and implementation guidance.

In Europe, AML/CFT requirements are largely the result of countries transposing the 5th and 6th EU Anti-Money Laundering Directives (and preceding EU Anti-Money Laundering Directives) into local laws and regulations. Numerous other countries have also enacted or proposed new or enhanced AML/CFT legislation and regulations applicable to American Express.

Among other things, these laws and regulations generally require us to establish AML/CFT programs that meet certain standards, including policies and procedures to collect information from and verify the identities of our customers, and to monitor for and report suspicious transactions, in addition to other information gathering and recordkeeping requirements. Our AML/CFT programs have become the subject of heightened scrutiny and we are working to make enhancements to our existing programs, policies and procedures and to identify and remediate deficiencies. Errors, failures or delays in complying with AML/CFT laws, deficiencies in our AML/CFT programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activity could give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions.

Table of Contents

Economic Sanctions

National governments and international bodies, such as the United Nations and the EU, have imposed economic sanctions against individuals, entities, vessels, governments, regions and countries that endanger their interests or violate international norms of behavior. Sanctions have been used to advance a range of foreign policy goals, including conflict resolution, counterterrorism, counternarcotics and promotion of democracy and human rights, among other national and international interests. We maintain a global sanctions compliance program designed to meet the requirements of applicable sanctions regimes. Failure to comply with such requirements could subject us to serious legal and reputational consequences, including criminal penalties.

The United States has imposed economic sanctions that affect transactions involving targeted jurisdictions, parties or activities. The U.S. Department of the Treasury’s Office of Foreign Assets Control (OFAC) administers most U.S. sanctions. OFAC regulations prohibit U.S. persons from engaging in financial transactions with or relating to, or other dealings involving, a targeted individual, entity, vessel, government or country without a license or other authorization. OFAC regulations require U.S. persons to block property and property interests of parties on OFAC’s Specially Designated Nationals and Blocked Persons List and entities owned 50 percent or more by one or more Specially Designated Nationals. Blocked property (e.g., bank deposits or other financial assets) cannot be paid out, withdrawn, set off or transferred in any manner without a license from OFAC. Regulatory authorities in other international jurisdictions, such as the UK and Member States in the EU, administer similar programs to U.S. sanction programs.

Anti-Corruption

We are subject to complex anti-corruption laws and regulations, including the U.S. Foreign Corrupt Practices Act (the FCPA), the UK Bribery Act and other laws that prohibit the making or offering of improper payments. The FCPA makes it illegal to corruptly offer or provide anything of value to foreign government officials, political parties or political party officials for the purpose of obtaining or retaining business or an improper advantage. The FCPA also requires us to strictly comply with certain accounting and internal controls standards. The UK Bribery Act also prohibits commercial bribery and the receipt of a bribe, and makes it a corporate offense to fail to prevent bribery by an associated person, in addition to prohibiting improper payments to foreign government officials. Failure by us or our colleagues, contractors or agents to comply with the FCPA, the UK Bribery Act and other similar laws can expose us and/or individual colleagues to investigation, prosecution and potentially severe criminal and civil penalties.

Compensation Practices

Our compensation practices are subject to oversight by the Federal Reserve and the OCC. The federal banking regulators’ guidance on sound incentive compensation practices sets forth three key principles for incentive compensation arrangements that are designed to help ensure that incentive compensation plans do not encourage imprudent risk-taking and are consistent with the safety and soundness of banking organizations. The three principles provide that a banking organization’s incentive compensation arrangements should (1) provide incentives that appropriately balance risk and financial results in a manner that does not encourage employees to expose their organizations to imprudent risks, (2) be compatible with effective internal controls and risk management and (3) be supported by strong corporate governance, including active and effective oversight by the organization’s board of directors. Any deficiencies in our compensation practices that are identified by the banking regulators in connection with their review of our compensation practices may be incorporated into our supervisory ratings, which can affect our ability to make acquisitions or perform other actions. Enforcement actions may be taken against us if our incentive compensation arrangements or related risk-management control or governance processes are determined to pose a risk to our safety and soundness, and we have not taken prompt and effective measures to correct the deficiencies.

The Dodd-Frank Act requires U.S. financial regulators, including the Federal Reserve and the Securities and Exchange Commission (SEC), to adopt rules on incentive-based payment arrangements at specified regulated entities having at least $1 billion in total assets. In 2016, the federal banking regulators, the SEC, the Federal Housing Finance Agency and the National Credit Union Administration proposed revised rules on incentive-based compensation practices, which were reproposed by certain of those agencies in 2024, but have not yet been finalized. If these or other regulations are adopted in a form similar to what has been proposed, they will impose limitations on the manner in which we may structure compensation for our colleagues, which could adversely affect our ability to hire, retain and motivate key colleagues.

Table of Contents

ADDITIONAL INFORMATION

We maintain an Investor Relations website at https://ir.americanexpress.com. We make available free of charge, on or through this website, our annual, quarterly and current reports and any amendments to those reports as soon as reasonably practicable following the time they are electronically filed with or furnished to the SEC.

In addition, we routinely post financial and other information, some of which could be material to investors, on our Investor Relations website. Information regarding our corporate sustainability initiatives and related disclosures are available on our Investor Relations website and on the Corporate Sustainability section of our website at https://www.americanexpress.com/en-us/company/corporate-sustainability.

The content of any of our websites referred to in this report is not incorporated by reference into this report or any other report filed with or furnished to the SEC. We have included such website addresses only as inactive textual references and do not intend them to be active links.

Our business as a whole has not experienced significant seasonal fluctuations, although billed business tends to be moderately higher in the fourth quarter than in other quarters. As a result, the amount of Card Member loans and receivables outstanding tends to be moderately higher during that quarter. Additionally, we tend to have a higher proportion of retail-related billed business in the fourth quarter, which on average has a slightly lower merchant discount rate.

Table of Contents

ITEM 1A.    RISK FACTORS

This section highlights certain risks that could affect us and our businesses, broadly categorized in accordance with the risk types identified in our risk governance framework: “Strategic and Reputational Risks,” “Operational and Compliance Risks” and “Credit, Market and Liquidity Risks.” You should carefully consider each of the following risks and all of the other information set forth in this Annual Report on Form 10-K, including in “Risk Management” under “MD&A,” which describes our approach to identifying, monitoring and managing the risks we assume in conducting our businesses and provides certain quantitative and qualitative disclosures about market risks. Although we have devoted and continue to devote significant resources to develop and strengthen our risk management capabilities and control environment, we may not be successful in meeting regulatory expectations and managing the risks to which we are exposed.

The risks and uncertainties we face are not limited to those described below. Additional risks and uncertainties not presently known to us or that we currently believe to be immaterial may also adversely affect our business.

Strategic and Reputational Risks

Macroeconomic conditions are a major driver of our results of operations and changes in the business and economic environment may materially adversely affect our business.

We offer a broad array of products and services to consumers, small businesses, mid-sized companies and large corporations and thus are very dependent upon the level of consumer and business activity and the demand for payment and financing products. Slow economic growth, economic contraction, persistent inflationary pressures or shifts in broader consumer and business trends can significantly impact customer behaviors, including spending on our cards, the ability and willingness of Card Members to borrow and pay amounts owed to us, demand for fee-based products and services and levels of customers’ deposits with us.

Factors such as consumer spending and confidence, household income and housing prices, levels of unemployment and underemployment, business investment and inventory levels, bankruptcies, geopolitical instability, public policy decisions and uncertainty, government spending and debt, international trade relationships, tariffs, interest rates, taxes, inflation and deflation (including the effects of related governmental responses), impacts of new technologies, energy costs and availability of capital and credit all affect the economic environment and, ultimately, our profitability. Additionally, sustained periods of high inflation may, among other things, increase certain of our expenses and erode consumer purchasing power, confidence and spending. An economic downturn or recession may result in higher unemployment and lower household income, consumer spending, corporate earnings and business investment, which may negatively impact spending on our cards and demand for our products, and increase delinquencies and write-off rates.

Spending by our premium consumer Card Members, for example, is sensitive to personal discretionary spending levels and tends to decline during general economic downturns. Likewise, spending by small business and corporate clients, which comprised approximately 41 percent of our worldwide billed business during 2025, depends in part on the economic environment and a favorable climate for continued business investment and new business formation. The consequences of negative circumstances impacting us or the economic environment generally can be sudden and severe and can impact customer types and geographies in which we operate in very different ways.

Our business is subject to the effects of geopolitical conditions, weather, natural disasters and other catastrophic events.

Geopolitical conditions, terrorist attacks, military conflicts, supply chain issues, natural disasters, severe weather, widespread health emergencies or pandemics, information or cybersecurity incidents (including intrusion into or degradation or unavailability of systems or technology by cyberattacks), operational incidents and other catastrophic events can have a material adverse effect on our business. Political and social conditions, including geopolitical instability (such as from tensions involving China and the United States), fiscal and monetary policies (including developments related to the U.S. federal deficit, debt ceiling, government shutdowns and other budgetary issues), trade wars and tariffs, labor shortages, regional or domestic hostilities, economic sanctions and the prospect or occurrence of more widespread conflicts could also negatively affect our business, operations and partners, consumer and business spending, including travel patterns and business investment, and demand for credit. Pandemics and other health emergencies can have widespread and unpredictable impacts on global society, economic conditions and consumer and business behavior. Because we derive a portion of our revenues from travel-related spending and many of our partners’ businesses relate to travel, our business is sensitive to impacts to travel and tourism, such as health and safety concerns and limitations on travel and mobility. In addition, disruptions in air travel and other forms of travel can result in the payment of claims under travel protection products we offer.

We are a multinational company that derives a substantial portion of its revenues from activities outside of the United States and many of our U.S. customers have an international presence or are otherwise affected by global developments. Accordingly, events that impact international relations and geopolitical stability may have a significant impact on our business. For example, several countries have implemented and are considering the further implementation of tariffs, trade barriers or restrictions and other retaliatory international or domestic policies, as well as other measures affecting cross-border commerce, migration and the flow of information. These actions have had and may likely continue to have broad consequences for the global economy and regional and country economies, as well as impacts to global supply chains and negative effects on our customers and partners, which may adversely affect our business.

There are multiple ongoing military conflicts around the world and geopolitical tensions may result in additional conflicts or escalate existing conflicts. Such conflicts have led to economic uncertainty and market disruptions. For example, as a result of the Russian invasion of Ukraine, we exited our business operations in Russia and Belarus. Geopolitical conditions may adversely affect macroeconomic conditions and our business in a number of ways, including potential retaliatory action against companies such as us and our clients and partners, further sanctions activity and export controls, heightened regulatory scrutiny, increased inflation, further increases or fluctuations in goods and energy prices, decreases in global travel, further disruptions to the global

Table of Contents

supply chain and increased prevalence and sophistication of cyberattacks. If international political instability and geopolitical tensions continue or increase, our business and results of operations could be harmed.

Hurricanes, wildfires and other natural disasters have impacted, and may continue to impact, spending and credit performance in the areas affected. Disasters and catastrophic events, and the impact of such events on certain industries or the overall economy, could have a negative effect on our business, results of operations and infrastructure, including our technology and systems and those of our partners and suppliers. Climate-related risks may exacerbate certain of these threats, including the frequency and severity of weather-related events. Card Members in California, Florida, New York, Texas, Georgia and New Jersey account for a significant portion of U.S. consumer and small business billed business and Card Member loans, and our results of operations could be impacted by events or conditions that disproportionately or specifically affect one or more of those states.

Our operating results may materially suffer because of substantial and increasingly intense competition worldwide in the payments industry.

The payments industry is highly competitive, and we compete with networks, issuers, acquirers and other payment service providers and methods of payment, including paper-based transactions (e.g., cash and checks) and electronic transfers (e.g., wire transfers and ACH), as well as evolving and growing alternative mechanisms, systems and products (e.g., web- and mobile-based payment platforms). If we are not able to differentiate ourselves from our competitors, develop compelling value propositions for our customers and/or effectively use emerging technologies to grow in evolving areas such as digital payments and agentic commerce, we may not be able to compete effectively.

We believe Visa and Mastercard are larger than we are in most countries based on purchase volume. As a result, card issuers and acquirers on the Visa and Mastercard networks may be able to benefit from the dominant position, scale, resources, marketing and pricing of those networks. Our business may also be negatively affected if we are unable to continue increasing merchant acceptance (including by merchants that accept cards on the Visa and Mastercard networks) and perceptions of coverage, or if our Card Members do not experience welcome acceptance of our cards.

Some of our competitors have substantially greater scale and resources than we have and may offer richer value propositions or a wider range of programs and services than we offer or may use more effective strategies to acquire and retain more customers, capture a greater share of spending and borrowings, develop more attractive cobrand card and other partner programs, obtain more favorable terms with merchants and maintain greater merchant acceptance than we have. Competition may also intensify as participants in the payments industry merge or enter into joint ventures or other partnerships or business combinations, which may create advantages in competing with our products and services. Government actions or initiatives may also provide competitors with increased opportunities to derive competitive advantages and may create new competitors, including in some cases a government entity. We may not be able to compete effectively against these threats or respond or adapt to changes in customer behavior, such as Card Member spending and borrowing or merchant acceptance, as effectively as our competitors. Costs such as Card Member rewards and Card Member services expenses could continue to increase as we evolve our value propositions, including in response to increased competition. Competitors may also use AI technologies more effectively than us or partner with companies that do so, which may increase the attractiveness and availability of their products and services and allow them to offer greater value propositions and realize greater operational efficiencies.

The payments industry is complex and continues to undergo changes in response to evolving technologies and customer preferences. Spending on our cards could continue to be impacted by increasing usage of credit and debit cards issued on other networks and real-time settlement transactions, such as bank transfers, as well as adoption of alternative payment mechanisms, systems and products, such as digital currencies. The fragmentation of Card Member spending, such as to take advantage of different merchant or card incentives, for convenience with technological solutions or as a result of point-of-sale practices that impact merchant acceptance (e.g., surcharging or differential acceptance), may continue to increase. Revolving credit balances on our cards could also be impacted by alternative financing providers, such as point-of-sale lenders and buy now, pay later products. Regulatory and legislative changes may also significantly alter the competitive landscape, including by facilitating alternative payment or financing mechanisms, such as recent legislation in the U.S. establishing a regulatory framework for stablecoins, or by imposing constraints on payment or financing mechanisms, such as proposals to cap credit card interest rates. To the extent other payment and financing mechanisms, systems and products continue to successfully expand, our discount revenues earned from Card Member spending and our net interest income earned from Card Member borrowing could be negatively impacted. In addition, companies that control access to consumer and merchant payment method choices at the point of sale or through digital wallets, agentic or other commerce-related experiences, mobile applications or other technologies could choose not to accept, suppress use of, or degrade the experience of using our products or could restrict our access to our customers and transaction data. Such companies could also require payments from us to participate in such digital wallets, experiences or applications or negotiate incentives or pricing concessions, impacting our profitability on transactions. As AI technologies are increasingly integrated into payments and related services, such as through the adoption of agentic commerce, these dynamics may accelerate and new dynamics that are difficult to predict may develop, any of which may disadvantage our business.

The competitive value of our data and demand for our products and services may also be diminished as traditional and non-traditional competitors use other, new data sources and technologies, including generative AI, to derive similar insights and by certain regulations. Open banking initiatives, including those promoted by governments and regulators, may result in a number of challenges to our business model, such as disintermediating us from our customers, steering customers away from our products and services or decreasing our attractiveness to partners. Competitors have also sought to create their own integrated payments platforms and may have competitive advantages in doing so as compared to our business.

To the extent we expand into, or further grow in, new business areas, such as new products and services that complement our card products, and new geographic regions, we will face competitors with more experience and more established relationships with relevant customers, regulators and industry participants, which could adversely affect our ability to compete. Laws and business practices that favor local competitors, require card transactions to be routed over domestic networks or prohibit or limit foreign ownership of certain businesses could limit our growth in international regions.

Table of Contents

We may face additional compliance and regulatory risks to the extent that we expand into new business areas, and we may need to dedicate more expense, time and resources to comply with regulatory requirements than our competitors, particularly those that are not regulated financial institutions.

Many of our competitors are subject to different, and in some cases, less stringent, legislative and regulatory regimes, and some may have lower cost structures and more agile business models and systems. For example, banking regulators are increasingly open to issuing limited-purpose licenses to allow companies to conduct certain banking activities under more limited regulatory requirements. More restrictive laws and regulations that do not apply to all of our competitors can put us at a disadvantage, including prohibiting us from engaging in certain transactions, regulating our business practices or adversely affecting our cost structure.

We face intense competition for partner relationships, which could result in a loss or renegotiation of these arrangements that could have a material adverse impact on our business and results of operations.

In the ordinary course of our business we enter into different types of contractual arrangements with business partners in a variety of industries. For example, we work with partners such as Delta, Marriott, British Airways and Hilton to offer cobranded cards for consumers and small businesses, and with partners in many industries, including Delta, to offer benefits and rewards to Card Members. Other aspects of our customer value propositions also increasingly rely on our ability to co-create and co-fund value with partners, such as statement credits for purchases with partners and travel and dining benefits. See “Partners and Relationships” under “Business” for additional information on our business partnerships, including with Delta.

Competition for relationships with key business partners is very intense and there can be no assurance we will be able to grow or maintain these partner relationships or that they will remain as profitable or valued by our customers. Establishing and retaining attractive cobrand card partnerships is particularly competitive among card issuers and networks as these partnerships typically appeal to high-spending loyal customers. All of our cobrand portfolios in the aggregate accounted for approximately 26 percent of our worldwide billed business for the year ended December 31, 2025. Card Member loans related to our cobrand portfolios accounted for approximately 36 percent of our worldwide Card Member loans as of December 31, 2025.

Cobrand and other partner arrangements are generally entered into for a fixed period and will terminate in accordance with their terms, including at the end of the fixed period unless extended or renewed at the option of the parties, or upon early termination as a result of an event of default or otherwise. We face the risk that we could lose partner relationships, even after we have invested significant resources in the relationships. Additionally, partners may make changes to the products and services they offer or otherwise become less desirable to our customers, which may lower the value of our products, such as cards with embedded partner value and the cobranded cards we issue to our customers. We also may not renew certain relationships, such as our Amazon and Lowe’s small business cobrand portfolios, which, as previously disclosed, have been reclassified to held for sale on our Consolidated Balance Sheets. Billed business could decline and Card Member attrition could increase, in each case, significantly as a result of the termination of one or more partnership relationships. In addition, some of our cobrand arrangements provide that, upon expiration or termination, the cobrand partner may purchase or designate a third party to purchase the loans generated with respect to such cobranded card portfolio, which could result in the loss of the card accounts and a significant decline in our Card Member loans outstanding.

We regularly seek to extend or renew cobrand and other partner arrangements in advance of the end of the contract term and face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us, as competition for such relationships continues to increase. We make payments to our cobrand partners, which can be significant, based primarily on the amount of Card Member spending and corresponding rewards earned on such spending and, under certain arrangements, on the number of accounts acquired and retained. The amount we pay to our cobrand partners has increased, particularly in the United States, and may continue to increase as arrangements are renegotiated due to increasingly intense competition for cobrand partners among card issuers and networks.

The loss of exclusivity arrangements with business partners, the loss of the partner relationship altogether (whether by non-renewal at the end of the contract period, such as the end of our relationship with Costco in the United States in 2016, or as the result of a merger, legal or regulatory action or otherwise) or the renegotiation of existing partnerships with terms that are significantly worse for us could have a material adverse impact on our business and results of operations. See “ Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition ” above for information on the uncertainty regarding our cobrand and agent relationships in the EU. In addition, any publicity associated with the loss of any of our key business partners could harm our reputation, making it more difficult to attract and retain Card Members and merchants, and could weaken our negotiating position with our remaining and prospective business partners.

Arrangements with our business partners represent a significant portion of our business. We are exposed to risks associated with our business partners, including reputational issues, business slowdowns, bankruptcies, liquidations, restructurings, consolidations and outages, and the possible obligation to make payments to our partners.

Our success is, in many ways, dependent on the success of our partners. From customer acquisition to cobranding arrangements, from providing rewards and benefits to customers to facilitating B2B supplier payments for our corporate clients, we rely on our business partners across many aspects of our company and our arrangements with business partners represent a significant portion of our business. For example, our two largest redemption partners are Amazon and Delta. Some of our partners manage certain aspects of our customer relationships, such as our OptBlue program participants. To the extent any of our partners fail to effectively promote and support our products, experience a slowdown in their business, operational disruptions, reputational issues or loss of consumer confidence, or are otherwise unable to meet our expectations or those of their other stakeholders, our business may be materially negatively impacted. We also face the risk that existing relationships will be renegotiated with less favorable terms for us or that we may be unable to renegotiate on terms that are acceptable to us. In addition, we may be obligated to make or accelerate payments to certain business partners such as cobrand partners upon the occurrence of certain triggering events such as a

Table of Contents

shortfall in certain performance and revenue levels. If we are not able to effectively manage these triggering events, we could unexpectedly have to make payments to these partners, which could have a negative effect on our financial condition and results of operations. See Note 12 to the “Consolidated Financial Statements” for additional information on financial commitments related to agreements with certain cobrand partners.

Similarly, we are exposed to risk from bankruptcies, liquidations, insolvencies, financial distress, restructurings, structural shifts in the economy, consolidations, operational outages, cybersecurity incidents and other similar events that may occur in any industry representing a significant portion of our billed business or with respect to any of our important business partners (such as those with whom we co-create and co-fund value for customers), which could negatively impact particular card products and services (and volumes generally) and our financial condition and results of operations. We have previously and may in the future pre-purchase loyalty points from certain of our cobrand partners, the value of which may diminish to the extent such partners cease operations or such points become less desirable to our customers. We could also be materially impacted if we were obligated or elected to reimburse Card Members for products and services purchased from merchants that have ceased operations or stopped accepting our cards. For example, we are exposed to credit risk in the airline industry to the extent we protect Card Members against non-delivery of purchases, such as where we have remitted payment to an airline for a Card Member purchase of tickets that have not yet been used or “flown.” If we are unable to collect the amount from the airline, we may bear the loss for the amount credited to the Card Member. Spending at airline merchants accounted for approximately 6 percent of our worldwide billed business for the year ended December 31, 2025.

For additional information relating to operational risks of our business partners, see “ We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways or experience issues that could materially harm our business ” below.

We face continued intense competitive pressure that may materially impact the prices we charge for accepting our cards for payment, as well as the risk of losing merchant relationships, which could have a material adverse impact on our business and results of operations.

We face pressure from competitors that primarily rely on sources of revenue other than discount revenue or have lower costs that can make their pricing for card acceptance more attractive. Merchants, business partners and third-party merchant acquirers, processors and payment facilitators are also able to negotiate incentives, pricing concessions and other favorable contractual provisions from us as a condition to accepting our cards, being cobrand partners, offering benefits to our Card Members or signing merchants to accept American Express cards. As these parties become even larger (such as the largest tech companies) or as evolving technologies and customer preferences alter the payments landscape, we may have to increase the amount of incentives and/or concessions we provide to them. We also face the risk of losing relationships with these parties or that they limit acceptance of our cards, which could materially adversely affect spending on our cards and our ability to retain current Card Members and attract new Card Members and therefore, our business and results of operations.

Our merchant discount rates have been impacted by regulatory changes affecting competitor pricing in certain international countries and U.S. states, as well as litigation related to pricing, and may in the future be impacted by pricing regulation and litigation. We have also experienced erosion of our merchant discount rates as we increase merchant acceptance. We may not be successful in significantly expanding merchant acceptance or offsetting rate erosion with volumes at new merchants. In addition, the regulatory environment and differentiated payment models and technologies from non-traditional players in the alternative payments space could pose challenges to our payment model and adversely impact our merchant discount rates. Some merchants, including large tech companies and other large merchants, continue to invest in their own payment and financing solutions, such as proprietary-branded digital wallets, using both traditional and new technology platforms. If merchants are able to drive broad consumer adoption and usage, it could adversely impact our merchant discount rates and network and loan volumes.

A continuing priority of ours is to drive greater and differentiated value to our merchants that, if not successful, could negatively impact our discount revenue and financial results. We may not succeed in maintaining merchant discount rates or offsetting the impact of declining merchant discount rates, for the reasons discussed above and others, which could materially and adversely affect our revenues and profitability, and therefore our ability to invest in innovation and in value-added services for merchants, business partners and Card Members.

Surcharging, steering or other differential acceptance practices by merchants could materially adversely affect our business and results of operations.

In certain countries, such as Australia (where surcharging is currently under reconsideration), Canada (other than in the Province of Quebec) and certain Member States in the EU, and in certain states in the United States, merchants are permitted by law to engage in surcharging, steering or other differential acceptance practices for certain card purchases and certain merchants and merchant organizations continue to push for these practices in other jurisdictions. In jurisdictions where surcharging is not prohibited, we have seen an increase in merchant surcharging on American Express cards, particularly in certain merchant categories, and in some cases, either the surcharge is greater than that applied to cards issued on competing networks or cards issued on competing networks are not surcharged at all (practices that are known as differential surcharging), even though there are many cards issued on competing networks that have an equal or greater cost of acceptance for the merchant. In addition to surcharging, we also encounter merchants that accept our cards, but tell their customers that they prefer to accept another type of payment or otherwise seek to suppress use of our cards or certain of our cards, such as limiting the use of our cards for certain transactions.

Our Card Members value the ability to use their cards where and when they want to, and we, therefore, take steps to meet our Card Members’ expectations and to protect the American Express brand by prohibiting discrimination through provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, subject to local legal requirements. We generally do not prohibit surcharging in our agreements with merchants so long as it is permitted by law and a merchant does not discriminate against American Express cards by engaging in differential surcharging.

Table of Contents

American Express cards could become less desirable to consumers and businesses generally due to surcharging, steering or other forms of discrimination, which could result in a decrease in cards-in-force, coverage and transaction volumes, including as a result of related actions we may take to enforce our merchant contractual provisions such as terminating merchant contracts. The impact could vary depending on such factors as: the industry or manner in which a surcharge is levied; how Card Members are surcharged or steered to other card products or payment forms at the point of sale; the ease and speed of implementation for merchants, merchant acquirers, processors, payment facilitators or other merchant service providers, including as a result of new or emerging technologies such as AI and agentic commerce; the size and recurrence of the underlying charges; and whether and to what extent these actions are applied to other forms of payment, including whether it varies depending on the type of card (e.g., credit or debit), product, network, acquirer or issuer. We also increasingly rely on merchant acquirers, processors and payment facilitators to manage certain aspects of our merchant relationships and promote and support the acceptance and usage of our cards, but they may have business interests, strategies or goals that are inconsistent with ours. Discrimination against American Express cards could have a material adverse effect on our business, financial condition and results of operations, particularly where it only or disproportionately impacts credit card usage or card usage generally, our Card Members or our business.

We may not be successful in our efforts to promote card usage or attract new customers, including through marketing and promotion, merchant acceptance and Card Member rewards and services, or to effectively control the costs of such investments, all of which may materially impact our profitability.

Revenue growth is dependent on increasing consumer and business spending on our cards, growing loan balances and increasing fee revenue. We have been investing in a number of growth initiatives, including to attract new Card Members, retain existing Card Members, grow merchant acceptance and capture a greater share of customers’ total spending and borrowings. We have also introduced complementary products, such as travel and dining platforms, checking accounts, debit cards and expense management tools. There can be no assurance that our investments will continue to be effective, particularly as consumer and business behaviors continue to change and competition in the payments industry remains intense. Increasing spending on our cards also depends on our continued expansion of merchant acceptance of our cards. If we are unable to continue growing merchant acceptance and perceptions of coverage, or if merchants decide to no longer accept American Express cards or more greatly engage in surcharging, steering or other differential acceptance practices, our business could suffer. As the payments industry continues to evolve, we may expand our product and service offerings, which could include offering new payment mechanisms or additional complementary products, or shift the focus of our investments. We may also add customer acquisition channels and form new partnerships or renew current partnerships. Any of these initiatives could have higher costs than our current arrangements, fail to resonate with customers, adversely impact our merchant discount rates and existing product and service offerings or dilute our brand.

Another way we invest in customer value is through a range of Card Member rewards and benefits, including our Membership Rewards program. We rely on third parties for certain Membership Rewards redemption options, statement credits, Card Member offers, travel- and dining-related benefits and other rewards and benefits, and we may modify or not be able to continue to offer such rewards and benefits in the future, which could diminish the value of our cards. Many credit card issuers and certain other companies have developed rewards and cobrand programs and other benefits and services that are similar to ours and may be more attractive. An inability to differentiate our products and services could materially adversely affect us.

We may not be able to cost-effectively manage and expand Card Member benefits, including containing the growth of marketing, promotion, rewards and Card Member services expenses in the future, and our ability to do so will depend in part on our ability to attract value from partners. In addition, to the extent our products or offers attract customers looking for short-term incentives and fail to incentivize long-term loyalty, costs and Card Member attrition could increase. Any significant change in, or failure by management to reasonably estimate, usage of Card Member services, redemptions of Membership Rewards points and statement credit offers and associated costs could adversely affect our profitability. If our expenses significantly increase beyond our expectations, we may be unable to offset the financial impact by decreasing investments in other areas of the business or operating expenses or increasing revenues such as fee-based revenues, or both, particularly in the current regulatory and competitive environment.

Our brand and reputation are key assets of our Company, and our business may be materially affected by how we are perceived in the marketplace.

Our brand and its attributes are key assets, and we believe our continued success depends on our ability to preserve, grow and realize the benefits of the value of our brand. Our ability to attract and retain consumer and small business Card Members and corporate clients is highly dependent upon the external perceptions of our level of service, trustworthiness, business practices, fraud prevention, privacy and data protection, management, workplace culture, merchant acceptance, financial condition, response to political and social issues or catastrophic events and other subjective qualities. Negative perceptions or publicity regarding these matters—even if related to seemingly isolated incidents and whether or not factually correct—could erode trust and confidence and damage our reputation among existing and potential Card Members, corporate clients, merchants and partners, which could make it difficult for us to attract new customers and maintain existing ones, and could subject us to heightened legal and regulatory scrutiny. Negative public opinion could result from actual or alleged conduct in any number of activities or circumstances, including card practices, regulatory compliance, the use and protection of customer information, conduct by our colleagues and policy engagement and charitable giving, including activities of the American Express Company Political Action Committee and the American Express Foundation, and from actions taken by regulators or others in response thereto. Moreover, the speed with which information spreads through social media and other news sources, the increased prevalence of campaigns by activists and others targeting corporate practices (including those advancing certain political or social agendas), and the ease with which customers can switch to competing products may amplify the onset and negative effects from such perceptions.

Our brand and reputation may also be harmed by actions taken by third parties that are outside our control. For example, any shortcoming of, or controversy related to, a third-party service provider, business partner, merchant acquirer or network partner may be attributed by Card Members and merchants to us, thus damaging our reputation and brand value. Our brand may also be

Table of Contents

negatively impacted by perceptions about our Card Member base, ability or inability of certain individuals or companies to become customers and their usage of our cards and other products and services, and acceptance of American Express cards by merchants in certain industries, when American Express cards are used for payment for legal, but controversial, products and services, or any government inquiries or legislative scrutiny related to customer acquisition practices or card acceptance or usage. The lack of acceptance, suppression of card usage or surcharging by merchants can also negatively impact perceptions of our brand and our products, lower overall transaction volume and increase the attractiveness of other payment products or systems. Adverse developments with respect to our industry may also negatively impact our reputation, or result in greater regulatory or legislative scrutiny or litigation against us. Furthermore, as a corporation with headquarters and operations located in the United States and a brand name referring to the United States, a negative perception of the United States arising from its political or other positions could harm the perception of our company and our brand. These risks to our brand and reputation, as well as other risks described herein, are heightened by the increasing sophistication and availability of AI technology, including by assisting with the creation of deepfakes, increasing the velocity of distribution of disinformation and potentially altering the payments landscape in ways that disintermediate or create a negative perception of us. Although we monitor developments for areas of potential risk to our reputation and brand, negative perceptions or publicity could materially and adversely affect our business volumes, revenues, liquidity and profitability.

We face increased scrutiny from stakeholders who have diverging views related to business practices and company activities, which could result in reputational harm, litigation, enforcement actions and other adverse consequences. In addition, we are subject to increasing regulatory requirements and legal risks related to corporate sustainability topics, such as those arising from new disclosure requirements in certain jurisdictions. Inaccurate perceptions or mischaracterizations of disclosures on these topics, or our goals and initiatives, while outside of our control, could impact our reputation, colleague hiring and retention, and demand for our products and services.

If we are not able to successfully invest in, and compete with respect to, technological developments and new products and services across all our businesses, our revenue and profitability could be materially adversely affected.

Our industry is subject to rapid and significant technological changes. In order to compete in our industry, we need to continue to invest in technology across all areas of our business, including in transaction processing, data management and analytics, AI & ML (including agentic commerce), customer interactions and communications, open banking and alternative payment and financing mechanisms (including related to digital currencies and blockchain technologies), authentication technologies and digital identification, tokenization, real-time settlement and risk management and compliance systems. Incorporating new technologies into our products and services, including developing the appropriate governance and controls consistent with regulatory expectations, requires substantial expenditures and takes considerable time, and may have unintended consequences or ultimately be unsuccessful. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to, or render obsolete, our existing technology.

The process of developing new products and services, enhancing existing products and services and adapting to technological changes and evolving industry standards is complex, costly and uncertain, and any failure by us to accurately anticipate and respond to customers’ changing needs and emerging technological trends could significantly impede our ability to compete effectively. Our competitors may develop, or partner with companies that develop, products, platforms or technologies that become more widely adopted by consumers, merchants or service providers than ours, including as a result of increased involvement by technology companies in the payments industry and our competitors’ greater scale or ability to pursue and adopt new technologies. In addition, we may underestimate the resources needed and overestimate our ability to develop new products and services and customer demand for such products and services, particularly beyond our traditional card products and travel-related services.

The use of AI & ML technologies, including generative AI and agentic commerce, has increased rapidly and may be transformative to the payments industry, heightening the risks described herein and others in ways that may be unpredictable and disadvantageous to us. Our and our partners’ use of AI & ML is subject to various and evolving risks, including flaws in models or datasets that may result in biased or inaccurate results, especially as generative AI has been known to produce false or “hallucinatory” inferences or outputs. The use of AI may also result in unintended or unexpected outcomes, present significant ethical challenges and heighten risks related to information security, the infringement of intellectual property rights and exposure of proprietary or personal information. We may also face challenges in our ability to safely deploy AI systems and implement appropriate governance and controls, which may not be as burdensome to our competitors, and which may impair our implementation or impose additional risks. The complexity of these technologies can make it difficult to assess proper operation, reduce error, or understand and explain their outputs. Adverse consequences of AI & ML remain uncertain but could include flaws in the decisions, predictions, outputs or analysis such technologies produce, subjecting us to competitive harm, legal liability, heightened regulatory scrutiny, greater prevalence of surcharging or other negative point-of-sale practices and brand or reputational harm, as well as decreased demand for our products and services or increased costs.

Our ability to adopt new technologies may be inhibited by the emergence of industry-wide standards, a changing legislative and regulatory environment, an inability to develop appropriate governance and controls, a lack of internal product and engineering expertise, resistance to change from Card Members, merchants or service providers, lack of appropriate change management processes or the complexity of our systems. In addition, our adoption of new technologies and our introduction of new products and services may increase operational complexity and risk, and expose us to new or enhanced risks, particularly in areas where we have less experience or our existing governance and control systems may be insufficient, which could require us to make substantial expenditures or subject us to legal liability, heightened regulatory scrutiny and brand or reputational harm.

We may not be successful in realizing the benefits associated with our acquisitions, strategic alliances, joint ventures and investment activity, and our business and reputation could be materially adversely affected.

We have acquired a number of businesses and have made a number of strategic investments, and continue to evaluate potential transactions. There is no assurance that we will be able to successfully identify suitable candidates, value potential investment or acquisition opportunities accurately, detect potential risks and liabilities related to those opportunities, negotiate acceptable terms

Table of Contents

for those opportunities, or complete proposed acquisitions and investments. The process of integrating an acquired company, business or technology could create unforeseen operating difficulties and expenditures, including in integrating systems, customers and personnel or further developing the acquired business or technology, result in unanticipated liabilities, including legal claims, violations of laws, commercial disputes and information security vulnerabilities or breaches (including from not integrating the acquired company, business or technology quickly or appropriately, from activities that occurred prior to the acquisition, from inadequate systems or controls of the acquired company, and from exposure to third party relationships of the acquired company or business or new laws and regulations), and may divert company time and resources or harm our business generally. For example, legal claims have arisen relating to the structure and consideration paid in certain of our acquisitions. Expanding to new businesses, geographies or customer types through acquisitions may subject us to new risks and we may not have the relevant expertise or business structure to achieve desired results. It may take us longer than expected to fully realize the anticipated benefits of these transactions, and those benefits may ultimately be smaller than anticipated, not realized at all or fully offset by other costs, which could materially adversely affect our business and operating results, including as a result of write-downs of goodwill and other intangible assets.

Joint ventures, such as those through which we operate in certain foreign jurisdictions, and minority investments in companies, such as GBTG, inherently involve a lesser degree of control over business operations, thereby potentially increasing the financial, legal, operational and/or compliance risks associated with the joint venture or minority investment, including as a result of being subject to different laws or regulations. Joint ventures and other partnerships or minority investments operating in foreign jurisdictions may also face risks from adverse regulatory actions, which could adversely affect their operations or our investment. In addition, we may be dependent on joint venture partners, controlling shareholders or management who may have business interests, strategies or goals that are inconsistent with ours and we have been and may in the future be involved in litigation with our joint venture partners and other shareholders and parties related to the joint ventures and investments. We have commercial arrangements with GBTG, including, among other things, a long-term trademark license agreement pursuant to which GBTG uses select American Express marks. GBTG also supports certain of our strategic partnerships and our Commercial Services business. Business decisions or other actions or omissions of a joint venture partner, other shareholders or management of our joint ventures and companies in which we have minority investments may adversely affect the value of our investment or any commercial benefit to us from the relationship, result in litigation or regulatory action against us and otherwise damage our reputation and brand. In addition, trade secrets and other proprietary information we may provide to a joint venture may become available to third parties beyond our control. The ability to enforce intellectual property and contractual rights to prevent disclosure of our trade secrets and other proprietary information may be limited in certain jurisdictions.

Additionally, from time to time we may decide to divest certain businesses or assets. These divestitures may involve significant uncertainty and execution complexity, which may cause us not to achieve our strategic objectives, realize expected cost savings or obtain other benefits from the divestiture and may result in unexpected losses of colleagues or harm to our brand, customers or other partners. Further, during the pendency of a divestiture, we may be subject to risks such as that the transaction may not close or the business to be divested may decline, and if a divestiture is not completed, we may not be able to find another acquiror on similar terms.

Operational and Compliance Risks

We may not be able to effectively manage the operational and compliance risks to which we are exposed.

We consider operational risk as the risk to our current or projected financial condition and resilience arising from inadequate or failed processes, human error or adverse external events. Operational risk includes, among others, the risk that error or misconduct could result in a material financial misstatement, a failure to monitor a third party’s compliance with regulatory or legal requirements, a failure to adequately monitor and control access to, or use of, data in our systems we grant to third parties or a failure to satisfy our obligations to our customers with respect to our products and services. For example, as previously disclosed, we have identified issues related to our rewards and benefits programs and have taken actions to remediate the issues and enhance our related procedures and controls. As processes or organizations are changed or become more complex, we grow in size or acquire businesses, new products and services are introduced, such as new lending features, banking products, dining capabilities and digital collectibles, or we become subject to more stringent or complicated regulatory requirements, we may not identify or address new operational risks. Through human error, fraud or malfeasance, conduct risk can result in harm to customers, legal liability, fines, sanctions, customer remediation and brand damage. Although we maintain systems and controls to help mitigate conduct risk, they may not be effective, and misconduct by one or more colleagues or partners, particularly those with access to key systems or information, could have wide-reaching consequences.

Compliance risk arises from violations of, or failure to conform or comply with, laws and/or regulations, internal policies and procedures and related practices, or ethical standards. We need to continually update and enhance our control environment to address operational and compliance risks, and our control environment and related systems have in certain instances not sufficiently detected, and may in the future not sufficiently detect, errors or omissions. Operational and compliance failures, deficiencies in our control environment or an inability to maintain high standards of business conduct can expose us to reputational and legal risks as well as fines, civil money penalties or payment of damages and can lead to diminished business opportunities and diminished ability to expand key operations.

A major information or cybersecurity incident could lead to reputational damage to our brand and material legal, regulatory and financial exposure, and could reduce the use and acceptance of our products and services.

We and third parties collect, process, transfer, host, store, analyze, retain, provide access to and dispose of account information, payment transaction information, sensitive business information and certain types of personally identifiable and other information pertaining to our customers, partners and colleagues in connection with our cards and other products and in the normal course of our business.

Table of Contents

Global financial institutions like us, as well as our customers, colleagues, regulators, service providers and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of increasingly sophisticated cyberattacks, including computer viruses, malicious or destructive code, ransomware, social engineering attacks (including phishing, impersonation and identity takeover attempts), AI-assisted deepfake attacks and disinformation campaigns, corporate espionage, hacking, website defacement, denial-of-service attacks, exploitation of vulnerabilities and other attacks and similar disruptions from the misconfiguration or unauthorized use of or access to computer systems and company accounts. These threats have arisen from external parties, including state-sponsored and nation state actors, as well as insiders who knowingly or unknowingly engage in or enable malicious cyber activities. There are a number of motivations for cyber threat actors, including criminal activities such as fraud, identity theft and ransom, corporate or nation-state espionage, political agendas, public embarrassment with the intent to cause financial or reputational harm, intent to disrupt information technology systems and supply chains, and to expose and exploit potential security and privacy vulnerabilities in corporate systems and websites. Cyber threat actors have rapidly evolved their techniques and increasingly utilize advanced capabilities, including the exploitation of unknown security flaws in software and hardware and the integration of advanced forms of AI and other new technology, which can increase the efficacy, severity, frequency and ease of execution of cyberattacks. In addition, new computing technologies, such as quantum computing, may enable threat actors to compromise data encryption and other protective measures.

Our and our partners’ networks and systems are subject to constant attempts to disrupt business operations and capture, destroy, manipulate or expose various types of information relating to corporate trade secrets, customer information (including Card Member, travel, dining and loyalty program data), colleague information and other sensitive business information (including acquisition activity, non-public financial results and intellectual property). For example, we and other U.S. financial services providers have been the target of attacks, such as denial-of-service attacks, social engineering and the impersonation of current or prospective employees and contractors, in some cases conducted by nation state-affiliated actors. We develop and maintain systems and processes aimed at detecting and preventing information security and cybersecurity incidents and fraudulent activity, including our cyber crisis response procedures, which require significant investment, maintenance and ongoing monitoring and updating as technologies and regulatory requirements change, new vulnerabilities and exploits are discovered and as efforts to overcome security measures become more sophisticated. In addition, our own usage of generative AI and other emerging technologies may increase our vulnerabilities or limit our ability to detect intrusion.

Despite our efforts and the efforts of third parties that process, transmit or store our data and data of our customers and colleagues or support our operations, such as service providers, merchants and regulators, the possibility of information, operational and cybersecurity incidents, malicious social engineering, password mismanagement, corporate espionage, fraudulent or other malicious activities and human error or malfeasance cannot be eliminated entirely and will evolve as new and emerging technologies are deployed by threat actors, including the potential use of advanced forms of AI and quantum computing, and we increasingly use platforms that are outside of our network and control environments. For example, we are aware that certain of our third-party service providers and joint ventures have been the victims of ransomware and other cyberattacks, in some instances that affected our data or services provided to us. Furthermore, recently introduced products and services, such as checking accounts and non-card lending, may lead to an increase in the number or types of cyberattacks and our exposure to fraud and other malfeasance. Risks associated with such incidents and activities include theft of funds and other monetary loss, disruption of our operations and the unauthorized disclosure, release, gathering, monitoring, misuse, modification, loss or destruction of confidential, proprietary, trade secret or other information (including account data information). An incident may not be detected until well after it occurs and the severity and potential impact may not be fully known for a substantial period of time after it has been discovered. We are subject to varied cybersecurity regulations and incident reporting requirements, which could require us to disclose incidents that may not have been resolved or fully investigated at the time of disclosure, leading to customer confusion, regulatory scrutiny and negative publicity and exacerbating risks related to the incident itself. Our ability to address incidents may also depend on the timing and nature of assistance that may be provided by relevant governmental or law enforcement agencies.

Information, operational or cybersecurity incidents and other actual or perceived failures to maintain confidentiality, integrity, availability of services and data, privacy and/or security has led to regulatory investigations and increased regulatory scrutiny and may lead to regulatory intervention (such as mandatory card reissuance), consent decrees, increased litigation (including class action litigation), response costs (including notification and remediation costs), fines, negative assessments of us and our subsidiaries by banking regulators and rating agencies, reputational and financial damage to our brand, negative impacts to our partner relationships, and reduced usage of our products and services, all of which could have a material adverse impact on our business. The disclosure of sensitive company information could also undermine our competitive advantage and divert management attention and resources.

Successful cyberattacks, data breaches, disruptions or other incidents related to the actual or perceived failures to maintain confidentiality, integrity, availability of services and data, privacy and/or security at other large financial institutions, large retailers, travel and hospitality companies, government agencies or other market participants, whether or not we are impacted, could lead to a general loss of customer confidence that could negatively affect us, including harming the market perception of the effectiveness of our security measures or harming the reputation of the financial system in general, which could result in reduced use of our products and services. Such events could also result in legislation and additional regulatory requirements. Although we maintain cyber insurance, there can be no assurance that liabilities or losses we may incur will be covered under such policies or that the amount of insurance will be adequate.

The uninterrupted operation of our information systems is critical to our success and a significant disruption could have a material adverse effect on our business and results of operations.

We rely extensively on our information technology systems and those of our third parties, including our transaction authorization, clearing and settlement systems, data centers and cloud data storage and processing services, which have experienced and may continue to experience service disruptions or degradation that may result from technology malfunction, sudden increases in

Table of Contents

processing or other volumes, natural disasters and weather events, fires, accidents, technology change management issues, power outages, internet outages, telecommunications failures, fraud, denial-of-service, ransomware and other cyberattacks, inadequate infrastructure in lesser-developed markets, technology capacity management issues, terrorism, computer viruses, vulnerabilities or failures in hardware or software, physical or electronic break-ins, or other operational issues or similar events. Due to the interconnectivity and complexity of information systems and their reliance on common systems, software and vendors (e.g., large technology and cloud-service providers), disruptions or degradations have had, and will likely continue to have, wide-reaching consequences, including the potential to disrupt the overall financial system and other key systems in the global economy. Service disruptions or degradations impacting us or our partners can prevent access to online services and account information, compromise or limit access to company or customer data, impede or prevent transaction processing, communications to customers and financial reporting, disrupt ordinary business operations, result in contractual penalties or obligations, trigger regulatory reporting obligations, and lead to regulatory investigations and fines, increased regulatory oversight, and litigation (including class action litigation). Any such service disruption or degradation could adversely affect the perception of the reliability of our products and services and materially adversely affect our overall business, reputation and results of operations.

Fraudulent activity associated with our products and services could have a material adverse effect on our business and results of operations.

We face risks from fraudulent activity associated with Card Members, merchants and others, including through bad actors obtaining access to our customer accounts and information and frauds committed by our customers against us. Large financial services firms such as American Express and our customers are regularly targeted by a range of fraudulent activity, including fraud on our card and banking products, false disputes, account takeovers, identity theft and electronic-transaction related crimes, with sophisticated perpetrators increasingly utilizing a range of advanced techniques and multiple parties acting in concert. New or emerging technologies, such as generative AI capabilities, have increased these fraud risks. For example, we have seen our customers targeted by elaborate and voluminous social engineering attacks, which may utilize advanced methods of deception, such as synthetic voice and conversation generation. Information and cybersecurity breaches and other operational incidents that we or third parties experience also increase our fraud risk. Additionally, our introduction of new products and services, expansion into new jurisdictions or usage of new partners or vendors may create new fraud risks or heighten existing risks. While we have policies and procedures designed to address fraud risks, such as customer authentication controls and fraud detection systems, they may be insufficient to accurately predict, prevent or detect fraud.

Increased fraudulent activity associated with our products and services could materially adversely affect our financial condition and results of operations, including as a result of credit losses and other expenses. Furthermore, fraudulent activity could harm our brand and reputation, negatively impact the use or acceptance of our products and services and lead to regulatory intervention or other actions (such as mandatory card reissuance).

Our business is subject to evolving and comprehensive government regulation and supervision, which could materially adversely affect our results of operations and financial condition.

We face heightened and evolving regulatory expectations and scrutiny in the U.S. and globally, which significantly affects our business and requires continual enhancement of our compliance efforts. Supervision efforts and the enforcement of existing laws and regulations impact the scope and profitability of our existing business activities, limit our ability to pursue certain business opportunities and adopt new technologies, compromise our competitive position (particularly where we may be treated differently from our competitors), and affect our relationships with Card Members, partners, merchants, service providers and other third parties. New laws or regulations could similarly affect our business, increase the costs and complexity of doing business, impact what we are able to charge for, or offer in connection with, our products and services, impose conflicting obligations, and require us to change certain of our business practices and invest significant management attention and resources, all of which could adversely affect our results of operations and financial condition. Political developments, including those relating to recent shifts in trade policy and heightened geopolitical tensions, have resulted in and may further result in an increase in the number, complexity and scope of laws and regulations, heightened legislative and regulatory uncertainty, changes to supervisory and enforcement priorities, and increased risk of fragmentation in global financial regulation. In addition, legislators and regulators around the world are aware of each other’s approaches to the regulation of the financial services industry, so a development in one jurisdiction may influence regulatory approaches in another.

If we fail to satisfy regulatory requirements and expectations or maintain our financial holding company status or other applicable licenses and charters, our financial condition and results of operations could be adversely affected, and we may be restricted in our ability to take certain capital actions (such as declaring dividends or repurchasing outstanding shares) or engage in certain business activities or acquisitions, which could compromise our competitive position. Additionally, our banking regulators have wide discretion in the examination and the enforcement of applicable banking statutes and regulations and may restrict our ability to engage in certain business activities or acquisitions or require us to maintain more capital. We are currently a Category III firm for purposes of the U.S. federal bank regulatory agencies’ tailoring framework, which subjects us to heightened regulatory expectations and more stringent regulatory requirements. As we continue to grow, these expectations and requirements may further increase, such as if we become a Category II firm, which may increase our compliance costs and adversely affect our business.

Legislators and regulators continue to focus on the operation of card networks, including interchange fees paid to card issuers in payment networks such as Visa and Mastercard, network routing practices and the fees merchants are charged to accept cards. While in some cases our business is subject to exemptions related to certain of these regulations, there is no guarantee that such exemptions will continue to be available and even where we are not directly regulated, regulation of bankcard fees significantly negatively impacts the discount revenue derived from our business, including as a result of downward pressure on our discount rate from decreases in competitor pricing in connection with caps on interchange fees. In some cases, regulations also extend, or may extend, to certain aspects of our business, such as network and cobrand arrangements, new products or services we may offer, or the terms of card acceptance for merchants, including terms relating to non-discrimination and honor-all-cards. For example, we have exited our network licensing businesses in the EU and Australia as a result of regulation in those jurisdictions. In addition,

Table of Contents

there is uncertainty as to when or how interchange fee caps and other provisions of payments legislation might apply when we work with cobrand partners and agents in the EU. See “Supervision and Regulation — Payments Regulation” under “Business” for more information. Given differing interpretations by regulators and participants in cobrand arrangements, we are subject to regulatory action, penalties and the possibility we will not be able to maintain our existing cobrand and agent relationships in the EU. In addition, a number of federal and state laws to regulate various aspects of network operations are being considered or have passed, including regarding information associated with electronic transactions (such as the use of specific merchant categories codes or limitations on the use of transaction data) and pricing of electronic transactions (such as interchange fees on sales tax or gratuities).

Legislators and regulators also continue to focus on consumer protection, including product design and pricing constructs, account management and security, creditworthiness assessments, credit bureau reporting, disclosure rules, marketing, forbearance measures and debt collection practices. This focus has included fees, interest rates and rewards associated with card and banking products, such as recent proposals to cap credit card interest rates. In addition, government agencies are reviewing financial institutions’ policies and practices for providing, maintaining or discontinuing financial products or services to certain clients or potential clients. Any new requirements or increased enforcement of existing requirements could materially and adversely impact our revenue growth and profitability, including, as a result of increased scrutiny of our pricing, underwriting and account management practices; the imposition of fines and customer remediation; higher compliance costs; reputational harm; impacts to our ability to issue cards or extend credit to current and prospective Card Members, appropriately price for the value of our products or work with certain business partners; and changes to our business practices generally.

We are subject to significant supervision and regulation with respect to compliance with AML/CFT laws, sanctions regimes and anti-corruption laws in numerous jurisdictions. As regulators increase their focus with respect to these financial crimes laws, new technologies such as digital currencies develop, near real-time money movement solutions are adopted, we introduce new products and geopolitical tensions increase, we face increased costs related to oversight, supervision and potential fines. We have been engaging with our federal regulators in relation to certain aspects of our financial crimes compliance program and we are working to enhance our existing programs, policies and procedures and identify and remediate deficiencies to strengthen our program and address regulatory feedback. From time to time, we identify transactions or accounts relating to certain sanctioned parties that we terminate, block and report to our regulators, as applicable. Errors, failures or delays in complying with financial crimes laws, deficiencies in our related compliance programs or association of our business with money laundering, terrorist financing, tax fraud or other illicit activities or sanctioned persons, entities, governments or countries could give rise to significant supervisory, criminal and civil proceedings and lawsuits, which could result in significant penalties and forfeiture of assets, loss of licenses or restrictions on business activities, or other enforcement actions, and our reputation may suffer due to our customers’ association with certain countries, persons or entities or the existence of any such transactions. Additionally, our financial crimes compliance programs may limit our ability to pursue certain business opportunities or affect our relationships with certain partners, service providers and other third parties.

See “Supervision and Regulation” under “Business” for more information about certain laws and regulations to which we are subject and their impact on us.

Litigation and regulatory actions could subject us to significant fines, penalties, judgments and/or requirements resulting in significantly increased expenses, damage to our reputation and/or a material adverse effect on our business and results of operations.

At any given time, we are involved in a number of legal proceedings, including class action lawsuits, mass arbitrations and similar actions. Many of these actions include claims for substantial compensatory or punitive damages and require us to incur significant costs for legal representation, arbitration fees or other legal or related services. While we have historically relied on our arbitration clause in agreements with customers to limit our exposure to class action litigation, there can be no assurance that we will be able to continue to maintain our arbitration provisions in the future or be successful in enforcing them, including as a result of legal challenges to, and new regulations affecting, our arbitration provisions, and claims of the type we previously arbitrated could be subject to the complexities, risks and costs associated with class action cases. The continued focus of merchants and other parties on issues relating to the acceptance of various forms of payment may lead to additional litigation and other legal actions. Given the inherent uncertainties involved in litigation, and the very large or indeterminate damages and broad injunctive relief sought in some matters asserted against us, there is significant uncertainty as to the ultimate liability we may incur, and changes to our business practices we may be required to make, due to litigation.

We expect that financial institutions, such as American Express, will continue to face significant regulatory scrutiny, with regulators taking formal enforcement actions against financial institutions in addition to addressing supervisory concerns through non-public supervisory actions or findings, which could involve restrictions on our activities, among other limitations, that could adversely affect our business. In addition, a violation of law or regulation by another financial institution could give rise to an investigation by regulators and other governmental agencies of the same or similar practices by us. Further, a single event may give rise to numerous and overlapping investigations and proceedings. External publicity concerning investigations can increase the scope and scale of investigations and lead to further regulatory inquiries.

We are also involved at any given time with governmental and regulatory inquiries, investigations and proceedings. Regulatory scrutiny has continued to increase in a number of areas, and regulatory action could subject us to significant fines, penalties or other requirements resulting in Card Member reimbursements, increased expenses, limitations or conditions on our business activities, and damage to our reputation and our brand, all of which could materially adversely affect our business and results of operations. For example, as previously disclosed, in 2025 we entered into agreements to resolve governmental investigations related to historical sales practices for certain U.S. small business customers.

Legal proceedings regarding provisions in our merchant contracts, including non-discrimination and honor-all-cards provisions, could have a material adverse effect on our business and result in additional litigation and/or arbitrations, changes to our merchant agreements and/or business practices, substantial monetary damages and damage to our reputation and brand.

Table of Contents

We are, and have been in the past, a defendant in a number of actions, including legal proceedings, arbitrations and proposed class actions, challenging certain provisions of our card acceptance agreements. See Note 12 to the “Consolidated Financial Statements” for a description of certain outstanding legal proceedings.

An adverse outcome in these proceedings could have a material adverse effect on our business and results of operations, require us to change our merchant agreements in a way that could expose our cards to increased merchant surcharging, steering and other forms of discrimination that could impair the Card Member experience, result in additional litigation and/or arbitrations, impose substantial monetary damages and damage our reputation and brand. Even if we were not required to change our merchant agreements, changes in Visa’s and Mastercard’s policies or practices as a result of legal proceedings, lawsuit settlements or regulatory actions pending against them could result in changes to our business practices and materially and adversely impact our profitability. For example, in November 2025 Visa and Mastercard proposed a lawsuit settlement agreement that would, among other things, require reductions and caps on interchange fees, provide merchants greater options to impose a surcharge on credit transactions, and allow merchants to choose not to accept certain categories of credit cards. If the settlement agreement is approved by the court, or Visa and Mastercard otherwise agree to make similar changes, it may result in greater surcharging generally, decreased acceptance by merchants of certain types of cards, such as premium cards, or downward pressure on our merchant discount rates from decreases in competitor pricing in connection with reductions and caps on interchange fees.

We rely on third-party providers for acquiring and servicing customers, technology, platforms and other services integral to the operations of our businesses. These third parties may act in ways or experience issues that could materially harm our business.

We rely on third-party service providers, cobrand partners, merchants, dining partners, affiliate marketing firms, merchant acquirers, processors, payment facilitators, network partners and other third parties for services that are integral to our operations and are subject to the risk that activities of such third parties may adversely affect our business. As outsourcing, specialization of functions, third-party digital services and technology innovation within the payments industry and related service functions increase (including with respect to mobile technologies, tokenization, big data, AI and cloud-based solutions), more third parties are involved in processing payment transactions, handling our data and supporting our operations and we may require significantly greater scale from these third parties. For example, we rely on third parties for the timely transmission of accurate information across our global network, card acquisition and provision of services to our customers.

We have experienced in certain limited circumstances and may continue to experience disruptions, operational issues or other events with respect to our third parties or our third parties’ service providers, including their failure to fulfill their obligations, contractual breaches and the information, cybersecurity and operational incidents described above, and we also have identified weaknesses in certain third parties’ processes and controls. Such disruptions, operational issues, control and process weaknesses or other events could interrupt or compromise the quality of our services to customers, impact the confidentiality, integrity, availability and security of our data, lead to fraudulent transactions on our cards or other products, impact our business, cause brand or reputational damage, and lead to costs associated with responding to a disruption, including notification and remediation costs, costs to switch service providers or move operations in house, regulatory investigations and fines and increased regulatory oversight and litigation. Third parties may face similar or greater risks than we do, including as a result of their relationship with us; however, they may be less prepared to mitigate those risks and may be targeted by bad actors as a result, which can result in greater disruptions and other risk events. Third parties may also act in other ways that are inconsistent with our interests or contrary to our strategic or technological initiatives, such as ceasing to provide data to us or using our data in a way that was not authorized or diminishes the value of the transaction data we receive through our integrated payments platform.

The management and oversight of an increasing number of third parties increases our operational complexity and governance challenges and decreases our control. A failure to exercise adequate oversight over third parties, including compliance with service level agreements or regulatory or legal requirements, could result in regulatory actions, fines, litigation, sanctions or economic and reputational harm to us. In addition, we may not be able to effectively monitor or mitigate operational risks relating to our third-party providers’ service providers. We are also exposed to the risk that a service disruption at a service provider common to our third parties could impede their ability to provide services to us. Notwithstanding any attempts to diversify our reliance on third parties, in certain cases there may be limited alternatives or high costs for diversification, and we also may not be able to effectively mitigate operational risks relating to the service providers of our third-party providers.

Our use of models, including the data that underlie them, to manage risk and make business decisions may not be effective.

We use models and automation throughout our business, including to inform and support decision making, manage risks, estimate financial values and forecast liquidity and funding needs. Although we have a governance framework for model development and independent model validation, the modeling methodology or key assumptions could be erroneous or the models could be misused. In addition, issues with completeness, accuracy and timeliness of data inputs, the quality or effectiveness of our data aggregation and validation procedures, and the quality and integrity of formulas and algorithms, could result in ineffective or inaccurate model outputs and reports. Models based on historical data sets might not be accurate predictors of future outcomes, such as when we lack recent precedent or recent precedent deviates from current circumstances because of changes in customer behavior, the credit or demographic profiles of our Card Members, the geopolitical or macroeconomic environment or otherwise. We periodically review our models, and updates that we make may result in significantly different outputs. Additionally, we increasingly use models that leverage AI, which are subject to additional risks such as biased or inaccurate results or lowered interpretability. The complexity of these models and our limited transparency into the AI may make it difficult to understand certain outputs or identify errors. Certain models, such as models used to estimate reserves for credit losses under Current Expected Credit Loss (CECL) and Membership Rewards liability, require us to make difficult, subjective and complex judgments, and utilize forward-looking information and information provided by third parties over which we have limited oversight or control. If our business decisions, risk management practices or financial estimates and forecasts are based on incorrect or misused models and assumptions or we fail to manage data inputs effectively and to aggregate or analyze data in an accurate and timely manner, our results of operations and financial condition may be materially adversely affected.

Table of Contents

Our success is dependent on maintaining a culture that adheres to our values and upon our executive officers and other key personnel, and misconduct by or loss of personnel could materially adversely affect our business.

We rely upon our colleagues not only for business success, but also to adhere to our Blue Box Values, which include acting with integrity, promoting a culture of respect and operating with a mindset of controls and risk management. To the extent our colleagues behave in a manner that does not comport with our company’s values, including acting in ways that harm customers, colleagues or others, the consequences to our brand, reputation and compliance and risk management efforts could be severe and could negatively affect our financial condition and results of operations.

The market for qualified, highly motivated individuals with a range of perspectives is highly competitive and we may not be able to attract and retain such individuals. Advances in technology such as AI may increase competition for individuals with expertise in key skills and require our colleagues to adapt to new skills and methods of working. The unexpected loss of key personnel or our inability to effectively execute succession planning for such personnel could disrupt our business and have an adverse impact on our future performance. Changes in immigration and work permit laws and regulations or the administration or enforcement of such laws or regulations or other changes in the legal or regulatory environment can also impair our ability to attract and retain qualified personnel, or to employ colleagues in the location(s) of our choice. Our compensation practices are subject to regulatory review and oversight, which could further affect our ability to attract and retain our executive officers and other key personnel. Our inability to attract, develop and retain highly skilled and motivated personnel with a range of perspectives could materially adversely affect our business and our culture.

Regulation in the areas of privacy, data protection, data management, resiliency, data transfer, third party oversight, account access, AI & ML and information security and cybersecurity could increase our costs and affect or limit our business opportunities and how we collect, use and/or retain personal information.

Legislators and regulators in the United States and other countries in which we operate are increasingly adopting or revising privacy, data protection, data management, resiliency, data transfer, third party oversight, account access, AI & ML and information security and cybersecurity laws, including data localization, authentication and notification laws. As such laws are interpreted and applied (in some cases with significant differences or conflicting requirements across jurisdictions), compliance and technology costs will continue to increase. Additionally, automated decision making and AI & ML technologies, including the adoption of agentic commerce, present novel and complex legal risks, often with limited established guidance and significant uncertainty. New laws and regulations related to these technologies, as well as the application of existing laws and regulations, may restrict or impose burdensome and costly requirements on our ability to use them or impact other aspects of our business, particularly as the legal landscape related to these technologies remains fragmented with potentially inconsistent requirements.

Compliance with current or future laws in the aforementioned areas could significantly impact our business operations, including our collection, use, sharing, retention and safeguarding of consumer, partner and/or colleague information and could restrict our ability to fully maximize our integrated payments platform or provide certain products and services or work with certain service providers, which could materially and adversely affect our profitability. Our failure to comply with such laws, including as a result of process breakdowns, human error or technical issues, or to maintain sufficient governance and control structures could result in potentially significant regulatory and/or governmental investigations and/or actions, litigation, fines, sanctions, ongoing regulatory monitoring, customer attrition, decreases in the use or acceptance of our cards and damage to our reputation and our brand. In recent years, there has been increasing regulatory enforcement and litigation activity in the areas of privacy, data protection, data management, AI & ML and information security and cybersecurity in the United States, the EU and various other countries in which we operate and our data protection and governance programs have become the subject of heightened scrutiny.

For more information on regulatory and legislative activity in this area, see “Supervision and Regulation — Privacy, Data Protection, Data Management, AI, Resiliency, Information Security and Cybersecurity” under “Business.”

If we are not able to protect our intellectual property rights, or successfully defend against any infringement or misappropriation assertions brought against us, our revenue and profitability could be negatively affected.

We rely on a variety of measures to protect our intellectual property rights and control access to, and distribution of, our trade secrets and other proprietary information. These measures may not prevent infringement of our intellectual property rights or misappropriation of our proprietary information and a resulting loss of competitive advantage. Our ability to detect infringements of our intellectual property, enforce intellectual property rights and prevent disclosure of our trade secrets and other proprietary information may be limited and such efforts may be costly. In addition, competitors or other third parties may allege that our products, systems, processes or technologies infringe on their intellectual property rights. Given the complex, rapidly changing and competitive technological and business environments in which we operate, and the potential risks and uncertainties of intellectual property-related litigation, a future assertion of an infringement or misappropriation claim against us could cause us to lose significant revenues, incur significant defense, license, royalty or technology development expenses, and/or pay significant monetary damages. Furthermore, given intellectual property ownership and license rights surrounding AI, such as generative AI, are currently not fully addressed by courts or regulators, we may not be able to protect our intellectual property rights against infringing use and our use or adoption of AI may result in exposure to claims by third parties.

Tax legislative initiatives or assessments could adversely affect our results of operations and financial condition.

We are subject to income and other taxes in the United States and in various foreign jurisdictions. The laws and regulations related to tax matters are extremely complex, require significant judgment and are subject to varying interpretations. Although management believes our positions are reasonable, they are subject to challenge by the Internal Revenue Service in the United States and by tax authorities in other jurisdictions in which we conduct business operations, which could have an adverse impact on our tax liabilities. Refer to Note 19 to the “Consolidated Financial Statements” for information on the U.S. federal income tax audit of transfer pricing arrangements between our U.S. and foreign subsidiaries.

We are being challenged in a number of countries regarding our application of value-added taxes (VAT) to certain transactions. While we believe we comply with all applicable VAT and other tax laws, rules and regulations in the relevant jurisdictions, the tax

Table of Contents

authorities may determine that we owe additional taxes or apply existing laws and regulations more broadly, which could result in a significant increase in liabilities for taxes and interest in excess of accrued liabilities.

Legislative action or inaction in the jurisdictions in which we have operations could increase our effective tax rate. For example, guidelines issued by the Organization for Economic Cooperation and Development introduced a global minimum tax of 15 percent on the global profits of multinational enterprises, such as us. The global minimum tax increased our tax liability in 2025 as it came into effect in various jurisdictions where we operate and we expect the global minimum tax will continue to increase our tax liability in 2026 if it continues to be in effect in its current form.

Jurisdictions may also make changes related to the tax treatment of card transactions, such as imposing taxes on Card Member rewards or prohibiting interchange fees on sales tax, which could decrease the value we provide to customers and adversely impact our business.

Our operations, business, customers and partners could be adversely affected by climate-related risks.

We may face physical risks related to climate, including rising average global temperatures, rising sea levels and an increase in the frequency and severity of extreme weather events and natural disasters. Such events and disasters could disrupt our operations or the operations of customers or third parties on which we rely and could result in market volatility or negatively impact our customers’ spending behaviors or ability to pay outstanding loans. We also may face risks related to the transition to a low-carbon economy, such as changes in consumer preferences, travel patterns and legal requirements, which could impact our revenues or expenses or otherwise adversely affect our business, our customers and partners.

We may not be able to effectively identify, measure or control our exposure to climate-related risks, particularly given that the timing, nature and severity of the impacts of these risks may not be predictable. We could be criticized for the timing, scope or nature of our climate-related initiatives and goals. There can be no assurance that we will achieve these goals, which depend in part on third-party performance, data that is outside of our control and methodologies that may evolve over time. We could be required to change our business, management practices and partnerships, incur expenses from changes to our technology, operations, products and services and experience reputational harm as a result of negative public sentiment, regulatory scrutiny and reduced stakeholder confidence, due to our response or perceived lack of response to climate and environmental issues.

Credit, Market and Liquidity Risks

We are exposed to credit risk and trends that affect Card Member spending and the ability of customers and partners to pay us, which could have a material adverse effect on our results of operations and financial condition.

We are exposed to both individual credit risk, principally from consumer and small business Card Member loans and receivables, and institutional credit risk, principally from corporate Card Member loans and receivables, merchants, network partners, loyalty coalition partners and treasury and investment counterparties. Third parties may default on their obligations to us due to bankruptcy, lack of liquidity, operational failure or other reasons. General economic factors, such as recession or slow economic growth, unemployment, inflation, structural changes in the economy and interest rates, may result in greater delinquencies that lead to greater credit losses. A customer’s ability and willingness to repay us can be negatively impacted not only by economic, market, political and social conditions but also by a customer’s other payment obligations (with these factors sometimes influencing one another, such as the end of the moratorium on student loan repayments), and increasing leverage can result in a higher risk that customers will default or become delinquent in their obligations to us.

We rely principally on the customer’s creditworthiness for repayment of loans or receivables and therefore often have no other recourse for collection. Our ability to assess creditworthiness may be impaired as a result of changes in our underwriting practices or if the criteria or models we use to manage our credit risk prove inaccurate in predicting future losses, which could have a negative impact on our results of operations. This may be exacerbated to the extent information we have historically relied upon to make credit decisions does not accurately portray a customer’s creditworthiness, including as a result of the current interest rate and economic conditions. Further, our pricing strategies, particularly for new lending features and non-card lending products, may not offset the negative impact on profitability caused by increases in delinquencies and losses; thus any material increases in delinquencies and losses beyond our current estimates could have a material adverse impact on us. Although we make estimates to provide for credit losses in our outstanding portfolio of loans and receivables, these estimates may not be accurate. In addition, the information we use in managing our credit risk may be inaccurate or incomplete.

Rising indicators of credit losses, both with respect to our customers, such as delinquencies, and with respect to broader macroeconomic factors, such as current or future levels of unemployment, gross domestic product (GDP) and bankruptcies, may require us to increase our reserve for credit losses and result in future write-offs. Higher write-off rates and increases in our reserves for credit losses adversely affect our profitability and the performance of our securitizations, and may increase our cost of funds.

Although we regularly review our credit exposure to specific clients and counterparties and to specific industries, countries and regions that we believe may present credit concerns, default risk may arise from events or circumstances that are difficult to foresee or detect, such as fraud. In addition, our ability to manage credit risk or collect amounts owed to us may be adversely affected by legal or regulatory changes (such as restrictions on collections or changes in bankruptcy laws, minimum payment regulations and re-age guidance), changes in customer behavior (such as the increased use of debt settlement companies) or decreases in the effectiveness of our collections operations. Increased credit risk, whether resulting from underestimating the credit losses inherent in our portfolio of loans and receivables, deteriorating economic or political conditions (particularly in the United States, as U.S. Card Members were responsible for approximately 79 percent of our total Card Member loans and receivables outstanding as of December 31, 2025), increases in the level of loan and receivable balances, changes in our mix of business or otherwise, could require us to increase our provisions for losses and could have a material adverse effect on our results of operations and financial condition.

Table of Contents

Interest rate changes could materially adversely affect our earnings.

We had net interest income of approximately $17.4 billion for the year ended December 31, 2025. Changes in interest rates could adversely affect our net interest yield, and consequently our net interest income and results of operations, including if our borrowing costs and the interest we pay on deposits increase at a greater magnitude than the rate of interest we earn on our loans. In addition, interest rate changes or prolonged periods of elevated or depressed rates may affect customer behavior, such as by impacting the balances Card Members carry on their cards or their ability to make payments to us, general spending and economic activity, or the demand for deposit accounts. While we take actions to mitigate interest risk, such as employing hedging strategies and changing the rates we pay on deposits, these actions may not be effective and we may be limited in our ability to maintain the spread between our borrowing costs and our interest income, whether as a result of changes in benchmark rates, regulation, the competitive environment, customer behavior or otherwise. For a further discussion of our interest rate risk, see “Risk Management ― Market Risk Management Process” under “MD&A.”

We are subject to capital adequacy and liquidity rules, and if we fail to meet our capital and liquidity requirements, our business would be materially adversely affected.

As a financial institution, we are subject to extensive and complex capital and liquidity requirements. Our failure to meet current or future requirements, whether as a result of adverse business developments or changes in the applicable requirements, could compromise our competitive position and result in restrictions imposed by the Federal Reserve, or the OCC with respect to AENB, including limiting our ability to pay dividends, repurchase our capital stock, invest in our business, expand our business or engage in acquisitions. Some elements of the capital and liquidity regimes are not yet final and certain developments could significantly impact the requirements applicable to financial institutions. For example, if the U.S. federal bank regulatory agencies adopt the 2017 Basel Committee standards revisions to the standardized approach for credit risk and operational capital requirements, it could result in significantly higher regulatory capital requirements. In addition, it may be necessary for us to hold additional capital because of an increase in the SCB requirement based on results from a supervisory stress test.

Compliance with capital adequacy and liquidity rules requires a material investment of resources and may be affected by unforeseen events impacting our business or general economic conditions. An inability to meet regulatory expectations regarding our compliance with applicable capital adequacy and liquidity rules or supervisory expectations regarding capital and liquidity risk management capabilities and practices may also negatively impact the assessment of us and AENB by federal banking regulators. Additionally, as a Category III firm, we are subject to more stringent capital and liquidity requirements, which may further increase if we grow to become a Category II firm.

For more information on capital adequacy requirements, see “Supervision and Regulation — Capital and Liquidity Regulation” under “Business.”

We are subject to restrictions that limit our ability to pay dividends and repurchase our capital stock. Our subsidiaries are also subject to restrictions that limit their ability to pay dividends to us, which may adversely affect our liquidity.

We are limited in our ability to pay dividends and repurchase capital stock by our regulators, who have broad authority to prohibit any action that would be considered an unsafe or unsound banking practice. We are subject to a requirement to submit capital plans to the Federal Reserve for review that include, among other things, projected dividend payments and repurchases of capital stock. As part of the capital planning and stress testing process, our proposed capital actions are assessed against our ability to satisfy applicable capital requirements in the event of a stressed market environment. If we fail to satisfy applicable capital requirements, including the stress capital buffer, our ability to undertake capital actions may be restricted.

Our ability to declare or pay dividends on, or to purchase, redeem or otherwise acquire, shares of our common stock will be prohibited, subject to certain exceptions, in the event that we do not declare and pay in full dividends for the last preceding dividend period of our preferred stock.

We rely on dividends from our subsidiaries for liquidity, and such dividends may be limited by law, regulation or supervisory policy. For example, AENB is subject to various statutory and regulatory limitations on its declaration and payment of dividends. These limitations may hinder our ability to access funds we may need to make payments on our obligations, make dividend payments or otherwise achieve strategic objectives. In addition, as a bank holding company, we may be required to commit capital and financial resources to support AENB, which could adversely affect our liquidity.

Any future reduction or elimination of our common stock dividend or share repurchase program could adversely affect the market price of our common stock and market perceptions of American Express. For more information on bank holding company and depository institution dividend restrictions, see “Supervision and Regulation — Stress Testing and Capital Planning” and “— Dividends and Other Capital Distributions” under “Business,” as well as “Consolidated Capital Resources and Liquidity — Dividends and Share Repurchases” under “MD&A” and Note 21 to the “Consolidated Financial Statements.”

Adverse market conditions may significantly affect our access to, and cost of, capital and ability to meet liquidity needs.

Our ability to obtain financing in the capital markets, such as from unsecured term debt issuances and asset securitizations, is dependent on financial market conditions. Disruptions, uncertainty or volatility across the financial markets, as well as adverse developments affecting us, our competitors, the financial industry or the economy generally, could negatively impact market liquidity and limit our access to funding required to operate and grow our business and satisfy cash needs, maturing liabilities and regulatory capital requirements. In some circumstances, our business growth or funding needs may increase unexpectedly and/or we may incur an unattractive cost to raise capital, which could decrease profitability and significantly reduce financial flexibility. Additional factors affecting the extent to which we may securitize loans and receivables in the future include the overall credit quality of our loans and receivables, the costs of securitizing our loans and receivables, the demand for credit card asset-backed securities and the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally. Our liquidity and cost of funds would also be adversely affected by the occurrence of events that could result in the early

Table of Contents

amortization of our existing securitization transactions. For a further discussion of our liquidity and funding needs, see “Consolidated Capital Resources and Liquidity” under “MD&A.”

Any reduction in our credit ratings could increase the cost of our funding from, and restrict our access to, the capital markets and have a material adverse effect on our results of operations and financial condition.

Ratings of our long-term and short-term debt and deposits are based on a number of factors, including our financial strength, as well as factors not within our control, including conditions affecting the financial services industry, the U.S. Government and the macroeconomic environment, as well as changes made by ratings agencies to their methodologies or assumptions. Our ratings could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely limit our access to the capital markets and adversely affect the cost and other terms upon which we are able to obtain funding. Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of our asset-backed securities, it could limit our ability to access the securitization markets.

Adverse currency fluctuations and foreign exchange controls could decrease earnings we receive from our international operations.

During 2025, approximately 22 percent of our total revenues net of interest expense were generated from activities outside the United States. We are exposed to foreign exchange risk from our international operations, and accordingly the revenue we generate outside the United States is subject to unpredictable fluctuations if the values of other currencies change relative to the U.S. dollar, which could have a material adverse effect on our results of operations.

Political and economic conditions could continue to cause changes in the values of currencies and a further strengthening of the U.S. dollar will negatively impact our net revenues. Substantial and sudden devaluation of Card Members’ local currency can also affect their ability to make payment to us. Foreign exchange regulations or capital controls might restrict or prohibit the conversion of other currencies into U.S. dollars or our ability to transfer them and the availability of foreign exchange could further impact our results of operations.

An inability to attract or maintain deposits could materially adversely affect our liquidity position and our ability to fund our business.

Our U.S. bank subsidiary, AENB, accepts deposits and uses the proceeds as a source of funding, with our direct retail deposits becoming a larger proportion of our funding over time. We continue to face strong competition with regard to deposits, and pricing and product changes may adversely affect our ability to attract and retain cost-effective deposit balances. To the extent we offer higher interest rates to attract or maintain deposits, our funding costs will be adversely impacted. Additionally, a decrease in confidence in the soundness of us or in the banking sector more broadly, such as following the occurrence of bank failures, or in the level of insurance available on deposits may cause rapid deposit withdrawals or an unwillingness to maintain deposits with us, which could materially adversely affect us and our ability to fund our business. The use of social media and similar channels has the potential to intensify and accelerate such a decrease in confidence in soundness.

Our ability to obtain deposit funding and offer competitive interest rates on deposits is also dependent on AENB’s capital levels. The FDIA’s brokered deposit provisions and related FDIC rules in certain circumstances prohibit banks from accepting or renewing brokered deposits and apply other restrictions, such as a cap on interest rates that can be paid. Additionally, our regulators can adjust applicable capital requirements at any time and have authority to place limitations on our deposit businesses. An inability to attract or maintain deposits in the future could materially adversely affect our ability to fund our business.

The value of our investments may be adversely impacted by economic, political or market conditions.

Market risk includes the loss in value of portfolios and financial instruments due to adverse changes in market variables, which could negatively impact our financial condition. We have experienced realized and unrealized losses in our Amex Ventures ™ equity investments and may experience further losses in the future. As of December 31, 2025, we held approximately $1.0 billion of investment securities, primarily consisting of debt securities, and equity investments, including certain equity method investments, totaling approximately $2.4 billion. Negative market conditions, changes in valuations or increases in default rates or bankruptcies with respect to these investments, due to economic conditions, business performance or otherwise, could have a material adverse impact on the value of our investments, potentially resulting in impairment charges. Defaults, threats of defaults or economic disruptions, even in countries or territories in which we do not have material investment exposure, conduct business or have operations, could adversely affect us.

Table of Contents

ITEM 1B.      UNRESOLVED STAFF COMMENTS

Not applicable.

ITEM 1C.      CYBERSECURITY

We maintain an information security and cybersecurity program and a cybersecurity governance framework that are designed to protect our information systems against operational risks related to cybersecurity.

Cybersecurity Risk Management and Strategy

We define information security and cybersecurity risk as the risk that the confidentiality, integrity or availability of our information and information systems are impacted by unauthorized or unintended access, use, disclosure, disruption, modification or destruction. Information security and cybersecurity risk is an operational risk under our enterprise risk taxonomy, which is measured and managed as part of our operational risk management framework. Operational risk is incorporated into our risk governance framework, which we use to identify, assess, control, measure & monitor and report & escalate risks. For more information on our risk governance framework, see “Risk Management” under “MD&A.”

Our Technology Risk and Information Security (TRIS) program, which is our enterprise information security and cybersecurity program incorporated in our risk governance framework and led by our Chief Information Security Officer (CISO), is designed to (i) ensure the security, confidentiality, integrity and availability of our information and information systems; (ii) protect against any anticipated threats or hazards to the security, confidentiality, integrity or availability of such information and information systems; and (iii) protect against unauthorized access to or use of such information or information systems that could result in substantial harm or inconvenience to us, our colleagues or our customers. The TRIS program is built upon a foundation of advanced security technology, employs a highly trained team of experts and is designed to operate in alignment with global regulatory requirements. The program deploys multiple layers of controls, including embedding security into our technology investments, which are designed to identify, protect, detect, respond to and recover from information security and cybersecurity incidents. Those controls are measured and monitored by a combination of subject matter experts and a security operations center with integrated cyber detection, response and recovery capabilities. The TRIS program includes our Enterprise Incident Response Program, which manages information security incidents involving compromises of sensitive information, and our Cyber Crisis Response Plan, which provides a documented framework for handling critical security incidents and facilitates coordination across multiple parts of the Company to manage response efforts. We also routinely perform simulations and drills at both a technical and management level, and our colleagues receive annual cybersecurity awareness training.

The TRIS program aligns with the standards developed by the Cyber Risk Institute Profile for the financial sector and global regulatory requirements and incorporates reviews and assessments by our independent Technical Risk Management Team (part of our second line of defense), our Internal Audit Group (our third line of defense) and external experts. In addition, we engage third parties to provide specialized services and capabilities, including vulnerability insights, operation of certain security controls and threat intelligence. We also collaborate with our peers in areas of threat intelligence, vulnerability management, incident response and drills, and are active participants in industry and government forums.

Cybersecurity risks related to third parties are managed as part of our Third Party Management Policy , which sets forth the procurement, risk management and contracting framework for managing third-party relationships commensurate with their risk and complexity. Our Third Party Lifecycle Management (TLM) program sets guidelines for identifying, measuring, monitoring, and reporting the risks associated with third parties through the life cycle of the relationships, which includes planning, due diligence and third-party selection, contracting, ongoing monitoring and termination. Our TLM program includes the identification of third parties with risks related to information security. Third parties that access, process, collect, share, create, store, transmit or destroy our information or have access to our systems may have additional security requirements depending on the levels of risk, such as enhanced risk assessments and monitoring, and additional contractual controls.

While we do not believe that our business strategy, results of operations or financial condition have been materially adversely affected by any cybersecurity incidents, cybersecurity threats are pervasive and, similar to other global financial institutions, we, as well as our customers, colleagues, regulators, service providers and other third parties, have experienced a significant increase in information security and cybersecurity risk in recent years and will likely continue to be the target of cyberattacks. We continue to assess the risks and changes in the cyber environment, invest in enhancements to our cybersecurity capabilities, and engage in industry and government forums to promote advancements in our cybersecurity capabilities, as well as the broader financial services cybersecurity ecosystem. For more information on risks to us from cybersecurity threats, see “ A major information or cybersecurity incident could lead to reputational damage to our brand and material legal, regulatory and financial exposure, and could reduce the use and acceptance of our products and services .” under “Risk Factors.”

Table of Contents

Cybersecurity Governance

Under our cybersecurity governance framework, our Board and Risk Committee are primarily responsible for overseeing and governing the development, implementation and maintenance of our TRIS program, with our Board designating our Risk Committee to provide oversight and governance of technology and cybersecurity risks. Our Board receives an update on cybersecurity at least once a year from our CISO or their designee. Our Risk Committee receives reports on cybersecurity at least twice a year, including in at least one joint meeting with our Audit and Compliance Committee, and our Board and these committees all receive ad hoc updates as needed. In addition, our Risk Committee annually approves our TRIS program.

We have multiple internal management committees that are responsible for the oversight of cybersecurity risk. Our Technology, Data, Resiliency Risk Committee (TDRRC), co-chaired by our Chief Information Officer and the Head of Technical Risk Management, provides oversight and governance for our information security risk management activities, including those related to cybersecurity. This includes efforts to identify, assess, control, measure & monitor and report & escalate information security risks associated with our information and information systems and potential impacts to the American Express brand. The TDRRC escalates risks to our Enterprise Risk Management Committee (ERMC), co-chaired by our Chief Executive Officer and our Chief Risk Officer, or our Board based on the escalation criteria provided in our enterprise-wide risk appetite framework. Members of management with cybersecurity oversight responsibilities are informed about cybersecurity risks and incidents through a number of channels, including periodic and annual reports, with the annual report on our TRIS program also provided to our Risk Committee, the TDRRC and ERMC.

Our CISO leads the strategy, engineering and operations of cybersecurity across the Company and is responsible for providing annual updates to our Board, the ERMC and the TDRRC on our TRIS program, as well as ad hoc updates on information security and cybersecurity matters. Our current CISO has held a series of roles in telecommunications, networking and information security at American Express, including promotion to the CISO role in 2013, and is also responsible for technology risk management. Prior to joining American Express, our current CISO served in a variety of technology leadership roles at a public pharmaceutical and biotechnology company for 14 years. Our CISO reports to the Chief Information Officer, information about whom is included in “Information About Our Executive Officers” under “Business.”

For more information on our risk governance structure, see “Risk Management — Governance and Board Oversight” and “Risk Management —Operational Risk Management Process” under “MD&A.”

Table of Contents

ITEM 2.    PROPERTIES

Our principal executive offices are in a 2.2 million square foot building located in lower Manhattan on land leased from the Battery Park City Authority. We have an approximately 49 percent ownership interest in the building and an affiliate of Brookfield Financial Properties owns the remaining approximately 51 percent interest in the building. We also lease space in the building from Brookfield’s affiliate.

Other owned or leased principal locations include American Express offices in Phoenix, Arizona, Sunrise, Florida, Gurgaon and Bangalore, India, Manila, Philippines, Brighton, England, Tokyo, Japan, Kuala Lumpur, Malaysia, Rome, Italy and Sydney, Australia; the American Express data centers in Phoenix, Arizona and Greensboro, North Carolina; the headquarters for AENB in Sandy, Utah; the headquarters for American Express Services Europe Limited in London, England; the headquarters for American Express Europe, S.A. in Madrid, Spain; the headquarters for Amex Bank of Canada and Amex Canada Inc. in Toronto, Ontario, Canada; and the headquarters for American Express Company (Mexico) S.A. de C.V. in Mexico City, Mexico. We also lease and operate multiple lounges as a benefit for our Card Members, including in major U.S. and global hub airports.

ITEM 3.    LEGAL PROCEEDINGS

Refer to Note 12 to the “Consolidated Financial Statements,” which is incorporated herein by reference.

ITEM 4.    MINE SAFETY DISCLOSURES

Not applicable.

Table of Contents

PART II

ITEM 5.    MARKET FOR REGISTRANT’S COMMON EQUITY, RELATED STOCKHOLDER MATTERS AND ISSUER PURCHASES OF EQUITY SECURITIES

(a) Our common stock trades principally on The New York Stock Exchange under the trading symbol AXP. As of December 31, 2025, we had 15,910 common shareholders of record. You can find dividend information concerning our common stock in the Consolidated Statements of Shareholders’ Equity in the “Consolidated Financial Statements.” For information on dividend restrictions, see “Supervision and Regulation — Dividends and Other Capital Distributions” under “Business” and Note 21 to the “Consolidated Financial Statements.” You can find information on securities authorized for issuance under our equity compensation plans under the caption “Executive Compensation — Equity Compensation Plans” to be contained in our definitive 2026 proxy statement for our Annual Meeting of Shareholders, which is scheduled to be held on May 5, 2026. The information to be found under such caption is incorporated herein by reference. Our definitive 2026 proxy statement for our Annual Meeting of Shareholders is expected to be filed with the SEC in March 2026 (and, in any event, not later than 120 days after the close of our most recently completed fiscal year).

Stock Performance Graph

The information contained in this Stock Performance Graph section shall not be deemed to be “soliciting material” or “filed” or incorporated by reference in future filings with the SEC, or subject to the liabilities of Section 18 of the Exchange Act, except to the extent that we specifically incorporate it by reference into a document filed under the Securities Act or the Exchange Act.

The following graph compares the cumulative total shareholder return on our common shares with the total return on the S&P 500 Index and the S&P Financial Index for the last five years. It shows the growth of a $100 investment on December 31, 2020, including the reinvestment of all dividends.

Year-end Data

American Express

S&P 500 Index

S&P Financial Index

Table of Contents

(b)    Not applicable.

(c)    Issuer Purchases of Securities

The table below sets forth the information with respect to purchases of our common stock made by or on behalf of us during the three months ended December 31, 2025.

Total Number of Shares

Purchased

Average Price Paid Per

Share (a)

Total Number of Shares

Purchased as Part of

Publicly Announced Plans

or Programs (b)

Maximum Number of

Shares that May

Yet Be

Purchased Under the

Plans

or Programs

October 1-31, 2025

Repurchase program (c)

Employee transactions (d)

November 1-30, 2025

Repurchase program (c)

Employee transactions (d)

December 1-31, 2025

Repurchase program (c)

Employee transactions (d)

Total

Repurchase program (c)

Employee transactions (d)

(a) The average price paid per share does not reflect costs and taxes associated with the purchase of shares.

(b) Share purchases under publicly announced programs are made pursuant to open market purchases, plans intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) under the Exchange Act, privately negotiated transactions or other purchases, including block trades, accelerated share repurchase programs or any combination of such methods as market conditions warrant and at prices we deem appropriate.

(c) On March 8, 2023, the Board of Directors authorized the repurchase of up to 120 million common shares from time to time, subject to market conditions and in accordance with our capital plans. This authorization replaced the prior repurchase authorization. See “Consolidated Capital Resources and Liquidity” under “MD&A” for additional information regarding share repurchases.

(d) Includes: (i) shares surrendered by holders of employee stock options who exercised options (granted under our incentive compensation plans) in satisfaction of the exercise price and/or tax withholding obligation of such holders and (ii) restricted shares withheld (under the terms of grants under our incentive compensation plans) to offset tax withholding obligations that occur upon vesting and release of restricted shares. Our incentive compensation plans provide that the value of the shares delivered or attested to, or withheld, be based on the price of our common stock on the date the relevant transaction occurs.

ITEM 6.    [RESERVED]

Table of Contents

ITEM 7.    MANAGEMENT’S DISCUSSION AND ANALYSIS OF FINANCIAL CONDITION AND RESULTS OF OPERATIONS (MD&A)

EXECUTIVE OVERVIEW

BUSINESS INTRODUCTION

We are a global payments and premium lifestyle brand powered by technology with four reportable operating segments: U.S. Consumer Services (USCS), Commercial Services (CS), International Card Services (ICS) and Global Merchant and Network Services (GMNS). Corporate functions and certain other businesses and operations are included in Corporate & Other.

Our range of products and services includes:

• Credit and charge cards and complementary products and services, including travel, dining, lifestyle and expense management products and services

• Banking and other payment and financing products and services, including deposits and non-card lending

• Merchant acquisition and processing, servicing and settlement, fraud prevention, and point-of-sale marketing and information products and services

• Network services

The following types of revenue are generated from our various products and services:

• Discount revenue, our largest revenue source, primarily represents the amount we earn and retain from the merchant payable for facilitating transactions between Card Members and merchants on payment products issued by American Express. The amount of fees charged for accepting our cards as payment, or merchant discount, varies with, among other factors, the industry in which the merchant conducts business, the merchant’s overall American Express-related transaction volume, the method of payment, the settlement terms with the merchant, the method of submission of transactions and, in certain instances, the geographic scope for the card acceptance agreement between the merchant and us (e.g., local or global) and the transaction amount. In some instances, an additional flat transaction fee is assessed as part of the merchant discount, and additional fees may be charged such as a variable fee for card-not-present transactions or for transactions using cards issued outside the United States at merchants located in the United States;

• Interest income, principally represents interest earned on outstanding loan balances;

• Net card fees, represent revenue earned from annual card membership fees, which vary based on the type of card and the number of cards for each account; and

• Service fees and other revenue, primarily represent revenues related to network partnership agreements (comprising royalties, fees and amounts earned for facilitating transactions on cards issued by network partners), fees earned on alternative payment solutions facilitated by American Express, foreign currency-related fees charged to Card Members, loyalty coalition, merchant and other service fees, Card Member delinquency fees, travel commissions and fees, and income (losses) from our investments in which we have significant influence.

Refer to the “Glossary of Selected Terminology” below for the definitions of certain key terms and related information appearing within this Form 10-K and “Critical Accounting Estimates” below for a discussion of certain of our accounting policies requiring significant management assumptions and judgments.

NON-GAAP MEASURES

We prepare our Consolidated Financial Statements in accordance with accounting principles generally accepted in the United States of America (GAAP). However, certain information included within this report constitutes non-GAAP financial measures. Our calculations of non-GAAP financial measures may differ from the calculations of similarly titled measures by other companies.

Beginning in the third quarter of 2025, we ceased reporting Net interest yield on average Card Member loans, a non-GAAP measure that was computed by dividing adjusted net interest income by average Card Member loans, and began reporting (together with prior period comparative information) Net interest yield on average Total loans and Card Member receivables, a GAAP measure that represents net interest income divided by average Card Member loans, Card Members loans held for sale (HFS), Other loans and Card Member receivables. We believe that this new net interest yield metric reflects the evolution of our products over time, such as the expansion of lending features on our charge card portfolio. See Table 1 for more information.

Table of Contents

TABLE 1: SUMMARY OF FINANCIAL PERFORMANCE

Years Ended December 31,

Change

Change

(Millions, except percentages, per share amounts and where indicated)

Selected Income Statement Data

Total revenues net of interest expense

Total revenues net of interest expense (FX-adjusted) (a)

Provisions for credit losses

Total expenses

Pretax income

Income tax provision

Net income

Earnings per common share — diluted (b)

Selected Balance Sheet and Common Share Data

Cash and cash equivalents

Total loans and Card Member receivables (c)

Total loans and Card Member receivables (FX-adjusted) (a)(c)

Average Total loans and Card Member receivables

Customer deposits

Long-term debt

Average common shares outstanding — diluted

Cash dividends declared per common share

Selected Metrics and Ratios

Network volumes (billions)

Billed business (billions)

Billed business (billions) (FX-adjusted) (a)

Net interest yield (d)

Card Member loans and receivables

Net write-off rate — principal, interest and fees (e)

Net write-off rate — principal only — consumer and small business (e)(f)

30+ days past due as a % of total — consumer and small business (g)

Effective tax rate

Return on average equity (h)

Common Equity Tier 1

(a) The foreign currency adjusted information assumes a constant exchange rate between the periods being compared for purposes of currency conversion into U.S. dollars (i.e., assumes the foreign exchange rates used to determine results for the current period apply to the corresponding prior year period against which such results are being compared). FX-adjusted Total revenues net of interest expense and Total loans and Card Member receivables are non-GAAP measures. We believe the presentation of information on a foreign currency adjusted basis is helpful to investors by making it easier to compare our performance in one period to that of another period without the variability caused by fluctuations in currency exchange rates.

(b) Represents net income, less (i) earnings allocated to participating share awards of $74 million, $76 million and $64 million for the years ended December 31, 2025, 2024 and 2023, respectively, and (ii) dividends on preferred shares of $58 million for each of the years ended December 31, 2025, 2024 and 2023. Refer to Note 15 and Note 20 to the “Consolidated Financial Statements” for further details on preferred shares and earnings per common share (EPS), respectively.

(c) Total loans reflects Card Member loans and Other loans.

(d) Represents net interest income divided by average Card Member loans, Card Member loans HFS, Other loans and Card Member receivables.

(e) We present a net write-off rate based on principal losses only (i.e., excluding interest and/or fees) to be consistent with industry convention. In addition, as our practice is to include uncollectible interest and/or fees as part of our total provision for credit losses, a net write-off rate including principal, interest and/or fees is also presented.

(f) A net write-off rate based on principal losses only is not available for corporate receivables due to system constraints.

(g) For corporate receivables, delinquency data is tracked based on days past billing status rather than days past due. Refer to Table 11 for 90+ days past billing metrics for corporate receivables.

(h) Return on average equity (ROE) is calculated by dividing (i) net income by (ii) average shareholders’ equity.

Table of Contents

BUSINESS PERFORMANCE

Our strong results for the year reflect the earnings power of our business model, driven by our premium, high credit-quality customer base and the greater scale and operating leverage we have achieved over the last several years, as well as the impact of strategic investments that strengthen our Membership Model and drive growth. We continued to see momentum across the business, with stable growth across Card Member spending and loans and strong growth in card fees, along with excellent credit performance. We launched our refreshed U.S. Consumer and Business Platinum Cards at the end of the third quarter and have seen strong customer demand and engagement. The continued global expansion of our merchant network contributed to our growth, as we added millions of new merchant locations globally in 2025 and continued to increase coverage across our top international countries. Net income for the year was $10.8 billion, or $15.38 per share, compared with net income of $10.1 billion, or $14.01 per share, a year ago, which included a $0.66 per share gain from the sale of Accertify Inc. (Accertify).

Billed business grew 8 percent year-over-year (7 percent on an FX-adjusted basis), reflecting broad-based growth across geographies and across both Goods & Services (G&S) and Travel & Entertainment (T&E) categories. 1 G&S spend, which accounts for over 70 percent of our total billed business, continued to be driven by robust retail spending, and T&E spend benefited from sustained strength in restaurants, our largest T&E category. U.S. Consumer Services billed business grew 8 percent, with continued momentum in spending by Millennial and Gen-Z Card Members, our fastest-growing cohorts, as our products continue to resonate with these younger customers. Commercial Services billed business grew 3 percent, reflecting continued modest growth from U.S. small and mid-sized enterprise (SME) Card Members. International Card Services billed business grew 14 percent, driven by continued strong growth in spend across geographies and customer types outside the United States. Overall transaction growth of 9 percent for the year reflects continued strong engagement from our customers.

Total revenues net of interest expense increased 10 percent (9 percent on an FX-adjusted basis). 1 Growth in billed business drove a 6 percent increase in Discount revenue, our largest revenue line. Net card fees increased 18 percent, reflecting high levels of new card acquisitions on fee-paying products, strong Card Member retention and our ongoing cycle of product refreshes. Net interest income grew 12 percent, primarily reflecting growth in balances and net yield expansion.

Total loans and Card Member receivables increased 8 percent, in line with growth in billed business. Credit performance was strong and stable throughout the year. Net write-off and delinquency rates remained best-in-class, supported by our premium customer base, our strong focus on risk management and disciplined growth strategy.

Card Member rewards, Card Member services and Business development expenses, which are generally driven by volumes and usage, collectively grew faster than revenues as a result of enhancements to our value propositions to drive Card Member engagement and acquisition and the mix shift towards premium products. Marketing expense increased 4 percent year-over-year as we continued to invest to acquire high-spending, high credit-quality customers. Operating expense grew at a slower pace than revenue even as we continued to invest in enterprise risk management capabilities and technology to support business growth. We remain focused on driving marketing and operating expense efficiencies over time.

During the year, we maintained our CET1 capital ratio within our target range of 10 to 11 percent and returned $7.6 billion of capital to our shareholders in the form of share repurchases and common stock dividends. We plan to continue to return to shareholders the excess capital we generate while managing our CET1 capital ratio within our target range and supporting balance sheet growth. We plan to increase the regular quarterly dividend on common shares outstanding by approximately 16 percent beginning with the first quarter 2026 dividend declaration. Our robust capital, funding and liquidity positions provide us with significant flexibility to maintain a strong balance sheet.

The resiliency of our differentiated business model and the strength and stability of our performance give us confidence to navigate evolving competition and a range of economic environments. While we recognize the uncertainty of the geopolitical and regulatory landscape, we continue to manage the company for the long term, focusing on backing our customers and colleagues, exercising disciplined expense management and strategically investing in our business.

See “Supervision and Regulation” under “Business” for information on legislative and regulatory changes that could have a material adverse effect on our results of operations and financial condition and “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements” for information on potential impacts of macroeconomic, geopolitical and competitive conditions and certain litigation and regulatory matters on our business.

1 The foreign currency adjusted information assumes a constant exchange rate between the periods being compared for purposes of currency conversion into U.S. dollars (i.e., assumes the foreign exchange rates used to determine results for the current period apply to the corresponding prior year period against which such results are being compared). FX-adjusted revenues is a non-GAAP measure. We believe the presentation of information on a foreign currency adjusted basis is helpful to investors by making it easier to compare our performance in one period to that of another period without the variability caused by fluctuations in currency exchange rates.

Table of Contents

CONSOLIDATED RESULTS OF OPERATIONS

The discussions in both “Consolidated Results of Operations” and “Business Segment Results of Operations” provide commentary on the variances for the year ended December 31, 2025 compared to the year ended December 31, 2024, as presented in the accompanying tables. For a discussion of the financial condition and results of operations for 2024 compared to 2023, please refer to Part II, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations” in our Annual Report on Form 10-K for the year ended December 31, 2024, filed with the SEC on February 7, 2025.

Beginning in the first quarter of 2025, we made a presentation change to our Consolidated Statements of Income to consolidate Processed revenue within Service fees and other revenue and renamed Processed revenue to network partnership revenue. Prior period amounts have been recast to conform to the current period presentation; there was no impact to Total non-interest revenues. Refer to Note 17 to the “Consolidated Financial Statements” for additional information.

TABLE 2: TOTAL REVENUES NET OF INTEREST EXPENSE SUMMARY

Years Ended December 31,

Change

Change

(Millions, except percentages)

Discount revenue

Net card fees

Service fees and other revenue

Total non-interest revenues

Total interest income

Total interest expense

Net interest income

Total revenues net of interest expense

TOTAL REVENUES NET OF INTEREST EXPENSE

Discount revenue increased, primarily driven by an increase in billed business of 8 percent, partially offset by lower average merchant discount rates due to shifts in geographic and merchant spend mix. See Tables 5 and 6 for more details on billed business performance.

Net card fees increased, primarily driven by growth in our premium card portfolios. See Table 5 for more details on proprietary new card acquisitions, proprietary cards-in-force and average fee per card.

Service fees and other revenue increased, primarily driven by higher foreign exchange-related revenues associated with Card Member cross-currency spending, a gain related to an equity transaction by GBTG, an equity method investee, resulting from its acquisition of CWT Holdings, LLC, and increases in network partnership revenue and loyalty coalition-related fees.

Interest income increased, primarily driven by growth in revolving loan balances, partially offset by lower interest rates.

Interest expense was relatively flat, primarily reflecting lower interest rates paid on customer deposits, offset by growth in customer deposits and long-term debt.

Table of Contents

TABLE 3 : PROVISIONS FOR CREDIT LOSSES SUMMARY

Years Ended December 31,

Change

Change

(Millions, except percentages)

Card Member loans

Net write-offs

Reserve build (release) (a)

Total

Card Member receivables

Net write-offs

Reserve build (release) (a)

Total

Other

Net write-offs — Other loans

Net write-offs — Other receivables

Reserve build (release) — Other loans (a)

Reserve build (release) — Other receivables (a)

Reserve build (release) — Other (a)

Total

Total provisions for credit losses

# Denotes a variance of 100 percent or more

(a) Refer to the “Glossary of Selected Terminology” below for a definition of reserve build (release).

PROVISIONS FOR CREDIT LOSSES

Card Member loans provision for credit losses decreased, primarily due to a lower reserve build in the current year, partially offset by higher net write-offs. The reserve build in the current year was primarily driven by an increase in loans outstanding and deterioration in the macroeconomic outlook used in our reserve models, partially offset by the release of a reserve upon the reclassification of a small business cobrand portfolio to Card Member loans HFS from held for investment. The reserve build in the prior year was primarily driven by an increase in loans outstanding.

Card Member receivables provision for credit losses decreased, primarily due to lower net write-offs, partially offset by a reserve build in the current year. The reserve build in the current year was primarily driven by deterioration in the macroeconomic outlook used in our reserve models and an increase in receivables outstanding.

Other provision for credit losses increased, primarily due to a higher reserve build in the current year, partially offset by lower net write-offs. The reserve build in the current year was primarily related to partner obligations and an increase in loans outstanding.

Table of Contents

TABLE 4: EXPENSES SUMMARY

Years Ended December 31,

Change

Change

(Millions, except percentages)

Card Member rewards

Business development

Card Member services

Marketing

Salaries and employee benefits

Other, net

Total expenses

EXPENSES

Card Member rewards expense increased, driven by increases in Membership Rewards and cash back rewards expenses, collectively, of $1,234 million, and cobrand rewards expense of $576 million, all of which were primarily driven by higher billed business. The increase in Membership Rewards expense was also driven by a benefit in the prior year from enhancements to the models that estimate future redemptions of Membership Reward points by U.S. Card Members. The increase in cash back rewards expense also reflected the impact associated with a card product migration.

The Membership Rewards Ultimate Redemption Rate (URR) for current program participants was 96 percent (rounded down) at both December 31, 2025 and 2024.

Business development expense increased, primarily due to increased partner payments and higher client incentives, both of which were driven by higher network volumes.

Card Member services expense increased, primarily due to higher usage of Card Member benefits and the introduction of new U.S. Platinum benefits.

Marketing expense increased, primarily due to higher levels of spending on customer acquisition and brand advertising.

Salaries and employee benefits expense increased, primarily driven by higher compensation and incentive costs.

Other expenses increased, primarily driven by the gain recognized in the prior year on the sale of Accertify, higher professional services and technology costs, partially offset by a prior-year increase in legal reserves and a prior-year charge associated with an increase in international non-income tax reserves.

Table of Contents

INCOME TAXES

The effective tax rate was 21.5 percent for both 2025 and 2024, primarily reflecting the continued implementation of the global minimum tax offset by discrete tax benefits in the current period.

TABLE 5: SELECTED CARD-RELATED STATISTICAL INFORMATION

Change

Change

Years Ended December 31,

Network volumes (billions)

Billed business

Cards-in-force (millions)

Proprietary cards-in-force

Basic cards-in-force (millions)

Proprietary basic cards-in-force

Average proprietary basic Card Member spending (dollars)

Average fee per card (dollars) (a)

Proprietary new cards acquired (millions)

Discount revenue as a % of Billed business

(a) Average fee per card is computed on an annualized basis based on proprietary Net card fees divided by average proprietary total cards-in-force.

TABLE 6: NETWORK VOLUMES-RELATED STATISTICAL INFORMATION

Year over Year Percentage Increase

(Decrease)

Percentage Increase (Decrease) Assuming No Changes in FX Rates (a)

Year over Year Percentage Increase

(Decrease)

Percentage Increase (Decrease)

Assuming No Changes in FX Rates (a)

Network volumes

Total billed business

U.S. Consumer Services

Commercial Services

International Card Services

Merchant industry billed business metrics

G&S spend (74% and 73% of billed business for 2025 and 2024, respectively)

T&E spend (26% and 27% of billed business for 2025 and 2024, respectively)

(a) The foreign currency adjusted information assumes a constant exchange rate between the periods being compared for purposes of conversion into U.S. dollars (i.e., assumes the foreign exchange rates used to determine results for the current year apply to the corresponding prior-year period against which such results are being compared).

Table of Contents

TABLE 7 : SELECTED CREDIT-RELATED STATISTICAL INFORMATION

As of or for the Years Ended December 31,

Change

Change

(Millions, except percentages)

Card Member loans and receivables:

Card Member loans and receivables

Average Card Member loans and receivables

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only — consumer and small business (a)(b)

30+ days past due as a % of total — consumer and small business (c)

Card Member loans:

Card Member loans

Credit loss reserves:

Beginning balance

Provisions — principal, interest and fees

Net write-offs — principal less recoveries

Net write-offs — interest and fees

Other (d)

Ending balance

% of loans

% of past due

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only (a)

30+ days past due as a % of total

Card Member receivables:

Card Member receivables

Credit loss reserves:

Beginning balance

Provisions — principal and fees

Net write-offs — principal and fees less recoveries

Other (d)

Ending balance

% of receivables

Net write-off rate — principal and fees  (a)

Net write-off rate — principal only — consumer and small business (a)(b)

30+ days past due as a % of total — consumer and small business (c)

# Denotes a variance of 100 percent or more

(a) We present a net write-off rate based on principal losses only (i.e., excluding interest and/or fees) to be consistent with industry convention. In addition, as our practice is to include uncollectible interest and/or fees as part of our total provision for credit losses, a net write-off rate including principal, interest and/or fees is also presented.

(b) A net write-off rate based on principal losses only is not available for corporate receivables due to system constraints.

(c) For corporate receivables, delinquency data is tracked based on days past billing status rather than days past due. Refer to Table 11 for 90+ days past billing metrics for corporate receivables.

(d) Other includes foreign currency translation adjustments.

Table of Contents

BUSINESS SEGMENT RESULTS OF OPERATIONS

We consider a combination of factors when evaluating the composition of our reportable operating segments, including the results reviewed by the chief operating decision maker, economic characteristics, products and services offered, classes of customers, product distribution channels, geographic considerations (primarily United States versus outside the United States) and regulatory considerations. Refer to Note 23 to the “Consolidated Financial Statements” and “Business” for additional discussion of products and services that comprise each segment.

Results of the reportable operating segments generally treat each segment as a stand-alone business. The management reporting process that derives these results allocates revenue and expense using various methodologies as described below.

TOTAL REVENUES NET OF INTEREST EXPENSE

We allocate discount revenue and certain other revenues among segments using a transfer pricing methodology. Within the USCS, CS and ICS segments, discount revenue generally reflects the issuer component of the overall discount revenue generated by each segment’s Card Members; within the GMNS segment, discount revenue generally reflects the network and acquirer component of the overall discount revenue being allocated.

Net card fees and Service fees and other revenues are generally directly attributable to the segment in which they are reported.

Interest and fees on loans and certain investment income is directly attributable to the segment in which it is reported. Interest expense represents an allocated funding cost based on a combination of segment funding requirements and internal funding rates.

PROVISIONS FOR CREDIT LOSSES

The provisions for credit losses are directly attributable to the segment in which they are reported.

EXPENSES

Card Member rewards, Business development, Card Member services and Marketing expenses are included in each segment based on the actual expenses incurred. Global brand advertising is primarily allocated to the segments based on the relative levels of revenue.

Salaries and employee benefits and other expenses reflect costs incurred directly within each segment, as well as allocated expenses. The allocated expenses include service costs, which primarily reflect salaries and benefits associated with our technology and customer servicing groups, and overhead expenses. Service costs are allocated based on activities directly attributable to the segment, and overhead expenses are allocated based on the relative levels of revenue and Card Member loans and receivables. As a proportion of Salaries and employee benefits and other expenses, allocated costs remain relatively consistent from period to period. Increases in expenses year-over-year driven by allocated costs primarily reflect the changes in salaries and employee benefit costs and other costs related to our technology or servicing organizations and the growth in business volume within our operating segments.

Table of Contents

U.S. CONSUMER SERVICES

TABLE 8: USCS SELECTED INCOME STATEMENT DATA

Years Ended December 31,

Change

Change

(Millions, except percentages)

Revenues

Non-interest revenues

Interest income

Interest expense

Net interest income

Total revenues net of interest expense

Provisions for credit losses

Total revenues net of interest expense after provisions for credit losses

Expenses

Card Member rewards, business development and Card Member services

Marketing

Salaries and employee benefits and other operating expenses

Total expenses

Pretax segment income

USCS issues a wide range of proprietary consumer cards and provides services to U.S. consumers, including travel and lifestyle services as well as banking and non-card financing products. USCS also manages our dining platform that provides digital tools for restaurants and reservation bookings for diners.

TOTAL REVENUES NET OF INTEREST EXPENSE

Non-interest revenues increased across all revenue categories, primarily driven by higher Discount revenue and Net card fees.

Discount revenue increased 8 percent, primarily driven by an increase in U.S. consumer billed business. See Tables 5, 6 and 9 for more details on billed business performance.

Net card fees increased 20 percent, primarily driven by growth in our premium card portfolios.

Service fees and other revenue increased 12 percent, primarily driven by higher travel commissions and fees from our consumer travel business and a discrete revenue adjustment related to certain cash advance fees from prior years.

Interest income increased, primarily driven by growth in revolving loan balances, partially offset by lower interest rates.

Interest expense was relatively flat, reflecting segment net asset growth, offset by lower cost of funds due to lower interest rates.

PROVISIONS FOR CREDIT LOSSES

Card Member loans provision for credit losses decreased, primarily due to a lower reserve build in the current year, partially offset by higher net write-offs. The reserve build in the current year was primarily driven by an increase in loans outstanding and deterioration in the macroeconomic outlook used in our reserve models, partially offset by lower delinquencies. The reserve build in the prior year was primarily driven by an increase in loans outstanding.

Card Member receivables provision for credit losses increased, primarily due to a reserve build in the current year versus a reserve release in the prior year, partially offset by lower net write-offs. The reserve build in the current year was primarily driven by an increase in delinquencies. The reserve release in the prior year was primarily driven by lower delinquencies and a decrease in receivables outstanding.

Other provision for credit losses increased, primarily due to a higher reserve build in the current year and higher net write-offs. The reserve build in the current year was primarily driven by an increase in other loans outstanding and reserves related to partner obligations. The reserve build in the prior year was primarily driven by an increase in other loans outstanding.

Table of Contents

EXPENSES

Total expenses increased, primarily driven by higher Card Member services, Card Member rewards and Salaries and employee benefits and other expenses.

Card Member rewards expense increased, primarily driven by increases in Membership Rewards, cash back and cobrand rewards expenses, all of which were primarily driven by higher billed business. The increase in Membership Rewards expense was also driven by the above mentioned benefit in the prior year from enhancements to the U.S. URR models. The increase in cash back rewards expense also reflected the impact associated with a card product migration.

Business development expense increased, primarily due to increased partner payments driven by higher billed business.

Card Member services expense increased, primarily due to higher usage of Card Member benefits and the introduction of new U.S. Platinum benefits.

Marketing expense increased, primarily due to higher levels of spending on customer acquisition and brand advertising.

Salaries and employee benefits and other expenses increased, primarily due to an increase in allocated service costs and compensation costs.

Table of Contents

TABLE 9: USCS SELECTED STATISTICAL INFORMATION

As of or for the Years Ended December 31,

Change

Change

(Millions, except percentages and where indicated)

Billed business (billions)

Proprietary cards-in-force

Proprietary basic cards-in-force

Average proprietary basic Card Member spending (dollars)

Total segment assets

Card Member loans and receivables:

Card Member loans and receivables

Average Card Member loans and receivables

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only (a)

30+ days past due as a % of total

Card Member loans:

Total loans

Net write-off rate — principal, interest and fees  (a)

Net write-off rate — principal only  (a)

30+ days past due as a % of total

Card Member receivables:

Total receivables

Net write-off rate — principal and fees  (a)

Net write-off rate — principal only  (a)

30+ days past due as a % of total

(a) Refer to Table 7 footnote (a).

Table of Contents

COMMERCIAL SERVICES

TABLE 10: CS SELECTED INCOME STATEMENT DATA

Years Ended December 31,

Change

Change

(Millions, except percentages)

Revenues

Non-interest revenues

Interest income

Interest expense

Net interest income

Total revenues net of interest expense

Provisions for credit losses

Total revenues net of interest expense after provisions for credit losses

Expenses

Card Member rewards, business development and Card Member services

Marketing

Salaries and employee benefits and other operating expenses

Total expenses

Pretax segment income

CS issues a wide range of proprietary corporate and small business cards and provides services to U.S. businesses, including payment and expense management, banking and non-card financing products. CS also issues proprietary corporate cards and provides services to select global corporate clients.

TOTAL REVENUES NET OF INTEREST EXPENSE

Non-interest revenues increased, primarily driven by higher Discount revenue and Net card fees.

Discount revenue increased 2 percent, primarily driven by an increase in commercial billed business. See Tables 5, 6 and 11 for more details on billed business performance.

Net card fees increased 11 percent, primarily driven by growth in our premium card portfolios.

Service fees and other revenue increased 6 percent, primarily driven by higher travel commissions and fees and higher foreign exchange-related revenues associated with Card Member cross-currency spending.

Interest income increased, primarily driven by growth in revolving loan balances and higher interest rates.

Interest expense increased, primarily driven by segment net asset growth, partially offset by a lower cost of funds due to lower interest rates.

PROVISIONS FOR CREDIT LOSSES

Card Member loans provision for credit losses increased, primarily due to higher net write-offs, partially offset by a lower reserve build in the current year. The reserve build in the current year was primarily driven by an increase in loans outstanding and deterioration in the macroeconomic outlook used in our reserve models, partially offset by the release of a reserve upon the reclassification of a small business cobrand portfolio to Card Member loans HFS from held for investment. The reserve build in the prior year was primarily driven by an increase in loans outstanding.

Card Member receivables provision for credit losses decreased, primarily due to a reserve release in the current year and lower net write-offs. The reserve release in the current year was primarily driven by lower delinquencies.

Other provision for credit losses increased, primarily due to a higher reserve build in the current year and higher net write-offs. The reserve build in the current year was primarily driven by an increase in other loans outstanding and reserves related to partner obligations.

Table of Contents

EXPENSES

Total expenses increased, primarily driven by higher Card Member rewards, Business development expense and Salaries and employee benefits and other expenses.

Card Member rewards expense increased, primarily driven by increases in Membership Rewards and cobrand rewards expenses, which were primarily driven by higher billed business. The increase in Membership Rewards expense was also driven by changes to the Membership Rewards program for U.S. Business Platinum cards.

Business development expense increased, primarily due to higher client incentives and increased partner payments, both of which were driven by higher billed business.

Card Member services expense increased, primarily due to higher usage of business services benefits and the introduction of new U.S. Business Platinum benefits.

Marketing expense was relatively flat.

Salaries and employee benefits and other expenses increased, primarily due to increases in compensation costs and allocated service costs, partially offset by lower professional services and technology costs.

Table of Contents

TABLE 11: CS SELECTED STATISTICAL INFORMATION

As of or for the Years Ended December 31,

Change

Change

(Millions, except percentages and where indicated)

Billed business (billions)

Proprietary cards-in-force

Average Card Member spending (dollars)

Total segment assets

Card Member loans and receivables:

Card Member loans and receivables

Average Card Member loans and receivables

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only — small business (a)(b)

30+ days past due as a % of total — small business

Card Member loans:

Total loans

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only (a)

30+ days past due as a % of total

Card Member receivables:

Total receivables

Net write-off rate — principal and fees (a)

Net write-off rate — principal only — small business (a)(b)

30+ days past due as a % of total — small business

90+ days past billing as a % of total — corporate (b)

(a) Refer to Table 7 footnote (a).

(b) For corporate receivables, delinquency data is tracked based on days past billing status rather than days past due. A Card Member account is considered 90 days past billing if payment has not been received within 90 days of the Card Member’s billing statement date. In addition, if we initiate collection procedures on an account prior to the account becoming 90 days past billing, the associated Card Member receivable balance is classified as 90 days past billing. Corporate receivables delinquency data for periods other than 90+ days past billing and the net write-off rate based on principal losses only are not available due to system constraints.

Table of Contents

INTERNATIONAL CARD SERVICES

TABLE 12: ICS SELECTED INCOME STATEMENT DATA

Years Ended December 31,

Change

Change

(Millions, except percentages)

Revenues

Non-interest revenues

Interest income

Interest expense

Net interest income

Total revenues net of interest expense

Provisions for credit losses

Total revenues net of interest expense after provisions for credit losses

Expenses

Card Member rewards, business development and Card Member services

Marketing

Salaries and employee benefits and other operating expenses

Total expenses

Pretax segment income

ICS issues a wide range of proprietary consumer, small business and corporate cards outside the United States. ICS also provides services to our international customers, including travel and lifestyle services, and manages certain international joint ventures and our loyalty coalition business.

On January 12, 2026, we acquired our partner’s interest in our Switzerland joint venture (Swisscard AECS GmbH), resulting in Swisscard becoming a wholly owned subsidiary. Through December 31, 2025, we accounted for Swisscard under the equity method, with our share of Swisscard’s net income reported within Service fees and other revenue. For reporting periods beginning January 1, 2026, we will consolidate Swisscard and reflect its financial results within the respective report lines across our financial statements; Swisscard will continue to be reported within the ICS segment.

TOTAL REVENUES NET OF INTEREST EXPENSE

Non-interest revenues increased, primarily driven by higher Discount revenue and Net card fees.

Discount revenue increased 12 percent, primarily reflecting an increase in billed business. See Tables 5, 6, and 13 for more details on billed business performance.

Net card fees increased 20 percent, primarily driven by growth in our premium card portfolios.

Service fees and other revenue increased 14 percent (11 percent on an FX-adjusted basis), primarily driven by an increase in foreign exchange-related revenues associated with Card Member cross-currency spending, higher loyalty coalition-related fees and higher income from equity method investments primarily related to the partial sale of a card portfolio by Swisscard. 2

Interest income increased, primarily driven by growth in revolving loan balances, partially offset by lower interest rates.

Interest expense increased, primarily driven by a higher cost of funds due to segment net asset growth, partially offset by lower interest rates.

PROVISIONS FOR CREDIT LOSSES

Card Member loans provision for credit losses increased, primarily due to higher net write-offs and a higher reserve build in the current year. The reserve build in the current year was primarily driven by an increase in loans outstanding. The reserve build in the prior year was primarily driven by an increase in loans outstanding, partially offset by lower delinquencies.

Card Member receivables provision for credit losses increased, primarily due to higher net write-offs and a higher reserve build in the current year. The reserve builds in both the current and prior year were primarily driven by increases in receivables outstanding.

2 Refer to footnote 1 on page 44 for details regarding foreign currency adjusted information.

Table of Contents

EXPENSES

Total expenses increased, primarily driven by higher Card Member rewards and Card Member services expenses.

Card Member rewards expense increased, primarily driven by increases in Membership Rewards and cobrand rewards expenses, which were primarily driven by higher billed business.

Business development expense increased, primarily due to higher loyalty coalition-related costs and increased partner payments driven by higher billed business, partially offset by a lower charge in the current year related to revenue allocated to a joint venture partner.

Card Member services expense increased, primarily due to higher usage of travel-related benefits.

Marketing expense increased, reflecting higher levels of spending on customer acquisition and other growth initiatives.

Salaries and employee benefits and other expenses was relatively flat, primarily reflecting higher allocated service costs and compensation costs and a one-time fee from a partner in the prior year, offset by a charge associated with an increase in international non-income tax reserves in the prior year.

Table of Contents

TABLE 13: ICS SELECTED STATISTICAL INFORMATION

As of or for the Years Ended December 31,

Change

Change

(Millions, except percentages and where indicated)

Billed business (billions)

Proprietary cards-in-force

Proprietary basic cards-in-force

Average proprietary basic Card Member spending (dollars)

Total segment assets

Card Member loans and receivables:

Card Member loans and receivables

Average Card Member loans and receivables

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only — consumer and small business (a)(b)

30+ days past due as a % of total — consumer and small business

Card Member loans - consumer and small business:

Total loans

Net write-off rate — principal, interest and fees (a)

Net write-off rate — principal only (a)

30+ days past due as a % of total

Card Member receivables:

Total receivables

Net write-off rate — principal and fees (a)

Net write-off rate — principal only — consumer and small business (a)(b)

30+ days past due as a % of total — consumer and small business

90+ days past billing as a % of total — corporate (b)

(a) Refer to Table 7 footnote (a).

(b) For corporate receivables, delinquency data is tracked based on days past billing status rather than days past due. A Card Member account is considered 90 days past billing if payment has not been received within 90 days of the Card Member’s billing statement date. In addition, if we initiate collection procedures on an account prior to the account becoming 90 days past billing, the associated Card Member receivable balance is classified as 90 days past billing. Corporate receivables delinquency data for periods other than 90+ days past billing and the net write-off rate based on principal losses only are not available due to system constraints.

Table of Contents

GLOBAL MERCHANT AND NETWORK SERVICES

TABLE 14: GMNS SELECTED INCOME STATEMENT AND OTHER DATA

Years Ended December 31,

Change

Change

(Millions, except percentages and where indicated)

Revenues

Non-interest revenues

Interest income

Interest expense

Net interest income

Total revenues net of interest expense

Provisions for credit losses

Total revenues net of interest expense after provisions for credit losses

Expenses

Business development and Card Member services

Marketing

Salaries and employee benefits and other operating expenses

Total expenses

Pretax segment income

Network volumes (billions)

Total segment assets

GMNS operates a global payments network that processes and settles card transactions, acquires merchants and provides multi-channel marketing programs and capabilities, services and data analytics, leveraging our global integrated network. GMNS manages our partnership relationships with third-party card issuers, merchant acquirers and a prepaid reloadable and gift card program manager, licensing the American Express brand and extending the reach of the global network.

TOTAL REVENUES NET OF INTEREST EXPENSE

Non-interest revenues increased, primarily driven by higher Discount revenue and Service fees and other revenue.

Discount revenue increased 4 percent, primarily driven by an increase in billed business, partially offset by lower average merchant discount rates due to shifts in geographic and merchant spend mix. See Tables 5 and 6 for more details on billed business performance.

Service fees and other revenue increased 6 percent, primarily driven by increases in network partnership revenues and foreign exchange-related revenues associated with Card Member cross-currency spending, partially offset by Accertify revenues included in the prior year.

GMNS receives an interest expense credit relating to internal transfer pricing due to its merchant payables. Net interest income decreased, primarily due to lower interest rates in international markets, partially offset by higher interest expense credit, primarily driven by an increase in average merchant payables.

PROVISIONS FOR CREDIT LOSSES

Provisions for credit losses increased, primarily due to higher reserve builds related to partner obligations, partially offset by lower net write-offs in the current year.

EXPENSES

Total expenses increased, primarily driven by higher Salaries and employee benefits and other expenses.

Business development expense increased, primarily due to increased partner payments driven by higher network volumes.

Marketing expense decreased, primarily due to lower spend on merchant engagement and other growth initiatives.

Salaries and employee benefits and other expenses increased, primarily driven by the gain in the prior year recognized on the sale of Accertify included in the Other, net component of operating expenses, partially offset by a decrease in allocated service costs.

Table of Contents

CORPORATE & OTHER

Corporate functions and certain other businesses are included in Corporate & Other.

Corporate & Other pretax loss was $2.3 billion and $2.4 billion in 2025 and 2024, respectively. The decrease in the pretax loss was primarily driven by a prior-year increase in legal reserves and the previously-mentioned gain related to an equity transaction by GBTG, an equity method investee, partially offset by higher compensation.

CONSOLIDATED CAPITAL RESOURCES AND LIQUIDITY

Our balance sheet management objectives are to maintain:

• A solid and flexible equity capital profile;

• A broad, deep and diverse set of funding sources to finance our assets and meet operating requirements; and

• Liquidity programs that enable us to continuously meet expected future financing obligations and business requirements for at least a twelve-month period under a variety of adverse circumstances.

We continue to see volatility in the capital markets due to a variety of factors and manage our balance sheet to reflect evolving circumstances.

CAPITAL STRATEGY

We believe capital allocated to growing businesses with a return on risk-adjusted equity in excess of our costs will generate shareholder value. Our objective is to retain sufficient levels of capital generated through net income and other sources, such as the issuance of subordinated debt and preferred shares, as well as the exercise of stock options by colleagues, to maintain a strong balance sheet, provide flexibility to support future business growth and distribute excess capital to shareholders through dividends and share repurchases. See “Dividends and Share Repurchases” below.

The level and composition of our consolidated capital position are determined through our Internal Capital Adequacy Assessment Process, which takes into account our business activities, as well as marketplace conditions and requirements or expectations of credit rating agencies, regulators and shareholders, among others. As a bank holding company, we are subject to regulatory requirements administered by the U.S. federal bank regulatory agencies. The Federal Reserve has established specific capital adequacy guidelines that involve quantitative measures of assets, liabilities and certain off-balance sheet items. Failure to maintain minimum regulatory capital levels at American Express or our U.S. bank subsidiary, American Express National Bank (AENB), could affect our status as a financial holding company and cause the banking regulators with oversight of American Express or AENB to take actions that could limit our business operations.

We seek to maintain capital levels and ratios in excess of our minimum regulatory requirements, specifically within a 10 to 11 percent target range for American Express Company’s Common Equity Tier 1 (CET1) risk-based capital ratio.

We maintain certain flexibility to shift capital across our businesses as appropriate. For example, we may infuse additional capital into subsidiaries to maintain capital at targeted levels in consideration of debt ratings and regulatory requirements. These infused amounts can affect the capital and liquidity positions at American Express Company or at our subsidiaries.

We report our capital ratios using the Basel III capital definitions and the Basel III standardized approach for calculating risk-weighted assets.

See “Supervision and Regulation — Capital and Liquidity Regulation” under “Business” for more information.

Table of Contents

The following table presents our regulatory risk-based capital and leverage ratios and those of AENB, as of December 31, 2025:

TABLE 15: REGULATORY RISK-BASED CAPITAL AND LEVERAGE RATIOS

Effective Minimum (a)

Ratios as of December 31, 2025

Risk-Based Capital

Common Equity Tier 1

American Express Company

American Express National Bank

Tier 1

American Express Company

American Express National Bank

Total

American Express Company

American Express National Bank

Tier 1 Leverage

American Express Company

American Express National Bank

Supplementary Leverage Ratio

American Express Company

American Express National Bank

(a) Represents Basel III minimum requirements and applicable regulatory buffers as defined by the federal banking regulators, which includes the stress capital buffer (SCB) for American Express Company and the capital conservation buffer for AENB. Refer to “Supervision and Regulation — Capital and Liquidity Regulation” under “Business” and Note 21 to the “Consolidated Financial Statements” for additional information.

The following table presents American Express Company’s regulatory risk-based capital and risk-weighted assets as of December 31, 2025:

TABLE 16: REGULATORY RISK-BASED CAPITAL COMPONENTS AND RISK-WEIGHTED ASSETS

American Express Company

($ in Millions)

December 31, 2025

Risk-Based Capital

Common Equity Tier 1

Tier 1 Capital

Tier 2 Capital

Total Capital

Risk-Weighted Assets

Average Total Assets to calculate the Tier 1 Leverage Ratio

Total Leverage Exposure to calculate the Supplementary Leverage Ratio

The following are definitions for our regulatory risk-based capital and leverage ratios, which are calculated as per standard regulatory guidance:

Risk-Weighted Assets — Assets are weighted for risk according to a formula used by the Federal Reserve to conform to capital adequacy guidelines. On- and off-balance sheet items are risk weighted, with off-balance sheet items converted to balance sheet equivalents, using risk conversion factors, before being assigned a risk weight. Off-balance sheet exposures comprise a minimal part of the total risk-weighted assets.

Common Equity Tier 1 Risk-Based Capital Ratio — Calculated as CET1 capital, divided by risk-weighted assets. CET1 capital is common shareholders’ equity, adjusted for ineligible goodwill and intangible assets and certain deferred tax assets.

Table of Contents

Tier 1 Risk-Based Capital Ratio — Calculated as Tier 1 capital divided by risk-weighted assets. Tier 1 capital is the sum of CET1 capital, preferred shares and third-party non-controlling interests in consolidated subsidiaries, adjusted for capital held by insurance subsidiaries. We have $1.6 billion of preferred shares outstanding to help address a portion of the Tier 1 capital requirements in excess of common equity requirements. See Note 15 to the “Consolidated Financial Statements” for additional information on our preferred shares.

Total Risk-Based Capital Ratio — Calculated as the sum of Tier 1 capital and Tier 2 capital divided by risk-weighted assets. Tier 2 capital is the sum of the allowable allowance for credit losses and $1,750 million of eligible subordinated notes, adjusted for capital held by insurance subsidiaries. The $1,750 million of eligible subordinated notes includes the $500 million subordinated debt issued in April 2024, the $500 million subordinated debt issued in July 2023 and the $750 million subordinated debt issued in May 2022.

Tier 1 Leverage Ratio — Calculated as Tier 1 capital divided by average total consolidated assets for the most recent quarter. Average total consolidated assets reflect quarterly average assets adjusted for applicable regulatory deductions from Tier 1 capital.

Supplementary Leverage Ratio — Calculated as Tier 1 capital divided by total leverage exposure. Total leverage exposure includes average on-balance-sheet assets and certain off-balance-sheet exposures, adjusted for applicable regulatory deductions from Tier 1 capital.

We continue to include accumulated other comprehensive income (loss) in regulatory capital.

We are subject to annual supervisory stress testing conducted by the Federal Reserve. We submitted our annual capital plan to the Federal Reserve in April 2025. On August 29, 2025, the Federal Reserve confirmed our SCB requirement at 2.5 percent, resulting in an effective minimum CET1 ratio of 7 percent, effective October 1, 2025 to September 30, 2026.

DIVIDENDS AND SHARE REPURCHASES

We return capital to common shareholders through dividends and share repurchases. The share repurchases reduce common shares outstanding and generally more than offset the issuance of new shares as part of employee compensation plans.

During the year ended December 31, 2025, we returned $7.6 billion to our shareholders in the form of share repurchases of $5.3 billion and common share dividends of $2.3 billion. We repurchased 16.8 million common shares at an average price of $312.87 in 2025. These share repurchase and common share dividend amounts collectively represent approximately 71 percent of net income available to common shareholders during the year ended December 31, 2025.

We plan to increase the regular quarterly dividend on our common shares outstanding by approximately 16 percent, from 82 cents to 95 cents per share, beginning with the first quarter 2026 dividend declaration.

In addition, during the year ended December 31, 2025, we paid $58 million in dividends on non-cumulative perpetual preferred shares outstanding. Refer to Note 15 to the “Consolidated Financial Statements” for additional information on our preferred shares.

Our decisions on capital distributions depend on various factors, including: our capital levels and regulatory capital requirements; regulatory guidance or restrictions; actual and forecasted business results; economic and market conditions; revisions to, or revocation of, the Federal Reserve’s authorization of our capital plan; and the supervisory stress test process. We may conduct share repurchases through a variety of methods, including open market purchases, plans intended to satisfy the affirmative defense conditions of Rule 10b5-1(c) under the Exchange Act, privately negotiated transactions or other purchases, including block trades, accelerated share repurchase programs or any combination of such methods as market conditions warrant and at prices we deem appropriate.

Table of Contents

FUNDING STRATEGY

Our principal funding objective is to maintain broad and well-diversified funding sources to allow us to finance our global businesses and to maintain a strong liquidity profile. Our funding strategy and activities are integrated into our asset-liability management activities. We have in place a funding policy covering American Express Company and all of our subsidiaries.

Our financing needs are in large part a consequence of our proprietary card-issuing businesses, where we generally pay merchants for card transactions prior to reimbursement by Card Members and therefore fund the merchant payments during the period Card Member loans and receivables are outstanding. In addition, we maintain a liquidity position to meet regulatory requirements and support our business activities.

We aim to satisfy these financing needs with a diverse set of funding sources. The diversity of funding sources by type of instrument, by tenor and by investor base, among other factors, mitigates the impact of disruptions in any one type of instrument, tenor or investor. We seek to achieve diversity and cost efficiency in our funding sources by maintaining scale and market relevance in deposits, unsecured debt and asset securitizations and access to secured borrowing facilities and a committed bank credit facility. In particular, we are focused on continuing to grow our direct deposit program as a funding source.

Our funding plan is primarily driven by the size and mix of business asset growth, our liquidity position and choice of funding sources, as well as cash requirements generated by withdrawals of deposits by our customers, the maturities of debt outstanding and related interest payments. In executing our funding plan, we aim to maintain a balanced debt maturity profile with an appropriate mix of short-term and long-term refinancing requirements.

FUNDING PROGRAMS AND ACTIVITIES

We had the following customer deposits and consolidated debt outstanding as of December 31, 2025 and 2024:

TABLE 17: SUMMARY OF CUSTOMER DEPOSITS AND CONSOLIDATED DEBT

(Billions)

Customer deposits

Short-term borrowings

Long-term debt

Total customer deposits and debt

We may redeem from time to time certain debt securities prior to the original contractual maturity dates in accordance with the optional redemption provisions of those debt securities.

Our funding plan for the full year 2026 includes, among other sources, approximately $4.0 billion to $8.0 billion of unsecured term debt issuance and approximately $2.0 billion to $6.0 billion of secured term debt issuance. Actual funding activities can vary from our plans due to various factors, such as future business growth, liquidity requirements, the impact of global economic, political and other events on market capacity, demand for securities offered by us, regulatory changes, ability to securitize and sell loans and receivables, and the performance of loans and receivables previously sold in securitization transactions. Many of these factors are beyond our control.

Our equity capital and funding strategies are designed, among other things, to maintain appropriate and stable unsecured debt ratings from the major credit rating agencies: Moody’s Investor Services (Moody’s), Standard & Poor’s (S&P) and Fitch Ratings (Fitch). Such ratings help support our access to cost-effective unsecured funding as part of our overall funding strategy. Our asset securitization activities are rated separately.

Table of Contents

TABLE 18: UNSECURED DEBT RATINGS

American Express Entity

Moody’s

Fitch

American Express Company

Long Term

Short Term

Outlook

Stable

Stable

Stable

American Express Travel Related Services Company, Inc.

Long Term

Short Term

Outlook

Stable

Stable

Stable

American Express National Bank

Long Term

Short Term

Outlook

Stable

Stable

Stable

American Express Credit Corporation

Long Term

Short Term

Outlook

Stable

Stable

Stable

These ratings are not a recommendation to buy or hold any of our securities and they may be revised or revoked at any time at the sole discretion of the rating organization.

Downgrades in the ratings of our unsecured debt or asset securitization program securities could result in higher funding costs, as well as higher fees related to borrowings under our unused credit facilities. Declines in credit ratings could also reduce our borrowing capacity in the unsecured debt and asset securitization capital markets. We believe our funding mix, including the proportion of U.S. direct deposits insured by the FDIC to total funding, should reduce the impact that credit rating downgrades would have on our funding capacity and costs.

DEPOSIT PROGRAMS

We offer deposits within our U.S. bank subsidiary, AENB. These funds are currently insured up to an amount that is at least $250,000 per depositor, per ownership category through the FDIC; as of December 31, 2025, approximately 92 percent of these deposits were insured. Our ability to obtain deposit funding and offer competitive interest rates is dependent on, among other factors, the capital level of AENB. The direct deposit program offered by AENB is our primary deposit product channel, which makes FDIC-insured high-yield savings account, certificates of deposit (CDs), business checking and consumer checking account products available directly to customers. As of December 31, 2025, our direct deposit program had approximately 3.9 million accounts. AENB also sources deposits through third-party distribution channels as needed to meet our overall funding objectives. CDs carry stated maturities while high-yield savings account, checking account and third-party sweep deposit products do not. We manage the duration of our maturing obligations, including CDs, to reduce concentration and refinancing risk.

As of December 31, 2025, we had $152.5 billion in deposits. Refer to Note 7 to the “Consolidated Financial Statements” for a further description of these deposits and scheduled maturities of certificates of deposits.

The following table sets forth the average interest rates we paid on different types of deposits during the years ended December 31, 2025, 2024 and 2023. The change in the average interest rate we paid on our interest-bearing deposits was primarily due to the impact of lower market interest rates offered for savings deposits.

TABLE 19: AVERAGE INTEREST RATES PAID ON DEPOSITS

Year ended December 31,

(Millions, except percentages)

Average Balance

Interest Expense

Average Interest Rate

Average Balance

Interest Expense

Average Interest Rate

Average Balance

Interest Expense

Average Interest Rate

Savings accounts

Checking accounts

Certificates of deposit:

Direct

Third-party (brokered)

Sweep accounts — Third-party (brokered)

Total U.S. interest-bearing deposits

Table of Contents

SHORT-TERM FUNDING PROGRAMS

Short-term borrowings, such as commercial paper, are defined as any debt with an original maturity of twelve months or less, as well as interest-bearing overdrafts with banks. Our short-term funding programs are used primarily to fund working capital needs, such as managing seasonal variations in receivables balances. The amount of short-term borrowings issued in the future will depend on our funding strategy, our needs and market conditions.   We had no commercial paper outstanding at any point during 2025. Refer to Note 8 to the “Consolidated Financial Statements” for a further description of these borrowings.

LONG-TERM DEBT AND ASSET SECURITIZATION PROGRAMS

As of December 31, 2025, we had $56.4 billion in long-term debt outstanding, including unsecured debt and asset-backed securities. Refer to Note 8 to the “Consolidated Financial Statements” for a further description of these borrowings and scheduled maturities of long-term debt obligations.

We periodically securitize Card Member loans and receivables arising from our U.S. card business, as the securitization market provides us with cost-effective funding. Securitization of Card Member loans and receivables is accomplished through the transfer of those assets to a trust, which in turn issues securities collateralized by the transferred assets to third-party investors. The proceeds from issuance are distributed to us, through our wholly owned subsidiaries, as consideration for the transferred assets. Refer to Note 5 to the “Consolidated Financial Statements” for a further description of our asset securitizations.

TABLE 20: DEBT ISSUANCES

($ in Billions)

American Express Company:

USD Floating Rate Senior Notes (compounded SOFR (a) plus weighted-average spread of 98 basis points)

USD Fixed-to-Floating Rate Senior Notes (weighted-average coupon of 4.98% during the fixed rate period and compounded SOFR (a) plus weighted-average spread of 126 basis points during the floating rate period)

EUR Fixed-to-Floating Rate Senior Notes (coupon of 3.43% during the fixed rate period and compounded EURIBOR (b) plus spread of 110 basis points during the floating rate period)

American Express Credit Account Master Trust:

Fixed Rate Class A Certificates (weighted-average coupon of 4.42%)

Total

(a) Secured overnight financing rate (SOFR).

(b) Euro Interbank Offered Rate (EURIBOR).

Table of Contents

LIQUIDITY MANAGEMENT

Our liquidity objective is to maintain access to a diverse set of on- and off-balance sheet liquidity sources. We seek to maintain liquidity sources in amounts sufficient to meet our expected future financial obligations and business requirements for liquidity for a period of at least twelve months under a variety of adverse circumstances. These include, but are not limited to, an event where we are unable to raise new funds under our regular funding programs during a substantial weakening in economic conditions.

Our liquidity management strategy includes a number of elements, including, but not limited to:

• Maintaining diversified funding sources (refer to “Funding Strategy” above for more details);

• Maintaining unencumbered liquid assets and off-balance sheet liquidity sources;

• Projecting cash inflows and outflows under a variety of economic and market scenarios; and

• Establishing clear objectives for liquidity risk management, including compliance with regulatory requirements.

We seek to maintain access to a diverse set of on-balance sheet and off-balance sheet liquidity sources, including cash and other liquid assets, secured borrowing facilities and a committed bank credit facility. Through our U.S. bank subsidiary, AENB, we have also pledged collateral eligible for use at the Federal Reserve’s discount window.

The amount and type of liquidity resources we maintain can vary over time, based upon the results of stress scenarios required under the Dodd-Frank Wall Street Reform and Consumer Protection Act, as well as additional stress scenarios required under our liquidity risk policy. These stress scenarios possess distinct characteristics, varying by cash flow assumptions, time horizon and qualifying liquidity sources, among other factors. Scenarios under our liquidity risk policy include market-wide, firm-specific and combined liquidity stresses. Additionally, we are subject to reduced LCR and NSFR requirements as a Category III firm with less than $75 billion in weighted short-term wholesale funding. For the quarter ended December 31, 2025, average LCR and NSFR were 212 percent and 123 percent, respectively which exceeded the regulatory requirement of 100 percent. See “Supervision and Regulation — Enhanced Prudential Standards” under “Business” for more information. We consider other factors in determining the amount and type of liquidity we maintain, such as economic and financial market conditions, seasonality in business operations, growth in our businesses, potential acquisitions or dispositions, the cost and availability of alternative liquidity sources and credit rating agency guidelines and requirements. We believe that we currently maintain sufficient liquidity to meet all internal and regulatory liquidity requirements.

As of December 31, 2025 and 2024, we had $47.8 billion and $40.6 billion in Cash and cash equivalents, respectively. Refer to “Cash Flows” below for a discussion of the major drivers impacting cash flows for the year ended December 31, 2025. Depending on the interest rate environment, our funding composition and the amount of liquidity resources we maintain, the level of future net interest income or expense associated with our liquidity resources will vary. For the year ended December 31, 2025, interest income exceeded the interest expense associated with the liquidity portfolio.

Table of Contents

Securitized Borrowing Capacity

As of December 31, 2025, we maintained our committed, revolving, secured borrowing facility, with a maturity date of July 17, 2028, which gives us the right to sell up to $3.0 billion face amount of eligible AAA notes from the American Express Issuance Trust II (the Charge Trust). We also maintained our committed, revolving, secured borrowing facility, with a maturity date of September 15, 2028, which gives us the right to sell up to $2.0 billion face amount of eligible AAA certificates from the American Express Credit Account Master Trust (the Lending Trust). These facilities enhance our contingent funding resources and are also used in the ordinary course of business to fund working capital needs. As of December 31, 2025, no amounts were drawn on the Charge Trust facility or the Lending Trust facility.

Committed Bank Credit Facility

As of December 31, 2025, we maintained a committed syndicated bank credit facility of $6.0 billion, with a maturity date of September 24, 2028. The availability of the credit facility is subject to our maintenance of a minimum CET1 risk-based capital ratio of 4.5 percent, with certain restrictions in relation to either accessing the facility or distributing capital to common shareholders in the event our CET1 risk-based capital ratio falls between 4.5 percent and 6.5 percent. It does not contain a material adverse change clause, which might otherwise preclude borrowing under the facility, nor is it dependent on our credit rating. As of December 31, 2025, we were in compliance with the covenants contained in the credit facility and no amounts were drawn on this facility. This facility enhances our contingent funding resources and is also used in the ordinary course of business to fund working capital needs. Any undrawn portion of this facility could serve as a backstop for the amount of commercial paper outstanding.

Other Sources of Liquidity

In addition to cash and other liquid assets and the secured borrowing facilities and committed bank credit facility described above, as an insured depository institution, AENB may borrow from the Federal Reserve Bank of San Francisco through the discount window against the U.S. credit card loans and charge card receivables that it pledged.

As of December 31, 2025, AENB had available borrowing capacity of $82.8 billion based on the amount and collateral valuation of receivables that were pledged to the Federal Reserve Bank of San Francisco. Whether specific assets will be considered qualifying collateral and the amount that may be borrowed against the collateral remain at the discretion of the Federal Reserve and can change from time to time. Due to regulatory restrictions, liquidity generated by AENB can generally be used only to fund obligations within AENB, and transfers to the parent company or non-bank affiliates may be subject to prior regulatory approval.

Off-balance Sheet Arrangements

We have certain off-balance sheet obligations that include certain lease arrangements, guarantees, indemnifications and certain Card Member and partner arrangements that may have a material current or future effect on our financial condition, changes in financial condition, results of operations, or liquidity and capital resources. For more information on these obligations, refer to Note 12 and Note 22 to the “Consolidated Financial Statements.”

Table of Contents

CASH FLOWS

The following table summarizes our cash flow activity, followed by a discussion of the major drivers impacting operating, investing and financing cash flows for the year ended December 31, 2025 compared to the year ended December 31, 2024:

TABLE 21: CASH FLOWS

(Billions)

Total cash provided by (used in):

Operating activities

Investing activities

Financing activities

Effect of foreign currency exchange rates on cash and cash equivalents

Net increase (decrease) in cash and cash equivalents

Cash Flows from Operating Activities

Our cash flows from operating activities primarily include net income adjusted for (i) non-cash items included in net income, such as provisions for credit losses, depreciation and amortization, stock-based compensation, deferred taxes and other non-cash items and (ii) changes in the balances of operating assets and liabilities, which can vary significantly in the normal course of business due to the amount and timing of payments.

In 2025, the net cash provided by operating activities was driven by cash generated from net income for the period and higher net operating liabilities, primarily driven by higher book overdrafts due to timing differences arising in the ordinary course of business.

In 2024, the net cash provided by operating activities was driven by cash generated from net income for the period, partially offset by lower net operating liabilities, primarily driven by lower book overdrafts due to timing differences arising in the ordinary course of business.

Cash Flows from Investing Activities

Our cash flows from investing activities primarily include changes in loans and Card Member receivables, as well as changes in our available-for-sale investment securities portfolio.

In 2025, the net cash used in investing activities was primarily driven by higher loans and Card Member receivables outstanding and the acquisition of a business.

In 2024, the net cash used in investing activities was primarily driven by higher loans and Card Member receivables outstanding, partially offset by net maturities of investment securities.

Cash Flows from Financing Activities

Our cash flows from financing activities primarily include changes in customer deposits, long-term debt and short-term borrowings, as well as dividend payments and share repurchases.

In both 2025 and 2024, the net cash provided by financing activities was primarily driven by growth in customer deposits and net proceeds from long-term debt, partially offset by share repurchases and dividend payments.

Table of Contents

RISK MANAGEMENT

GOVERNANCE AND BOARD OVERSIGHT

We maintain a risk governance framework that describes key components of risk management, including risk governance, oversight, roles and responsibilities across the lines of defense, our risk taxonomy, risk appetite and the risk management lifecycle. Our risk governance framework also provides expectations for risk culture, compensation and performance management.

Our Board and its committees provide oversight of risk management and monitor our risk culture and the “tone at the top.” Each committee of the Board consists entirely of independent directors and provides regular reports to the full Board regarding matters reviewed at their committee. The committees meet regularly in private sessions with our Chief Financial Officer, Chief Legal Officer, Chief Risk Officer, Chief Compliance Officer, Chief Audit Executive, Head of Credit Review and other members of senior management with regard to our risk management processes, risk profile and performance, controls, talent and capabilities.

The responsibilities of each of the committees of the Board in overseeing risk management include:

The Risk Committee is responsible for overseeing and approving our risk governance framework, processes and methodologies, and evaluating the independence and authority of our risk management function. On an annual basis, the Risk Committee reviews and approves the Company’s risk appetite framework, which defines the nature and level of risk we are willing to take and provides limits, thresholds and escalation processes that align risk taking with strategic objectives. The Risk Committee regularly reviews our risk profile against the tolerances in the risk appetite framework, including significant risk exposures, risk trends in our portfolios and major risk concentrations, and the steps taken by management to monitor, control and report such exposures, trends and concentrations. The Risk Committee also reviews and concurs with the appointment, replacement, performance and compensation of the Chief Risk Officer and receives regular reports from the Chief Risk Officer on key risks and exposures. The Risk Committee provides oversight of our compliance with regulatory capital and liquidity standards, and our Internal Capital Adequacy Assessment Process, including the CCAR submissions.

The Audit and Compliance Committee (ACC) is responsible for assisting the Board in its oversight responsibilities relating to the integrity of our financial statements and financial and regulatory reporting processes, internal and external auditing, the integrity of internal controls and legal and regulatory compliance. The ACC appoints, replaces, reviews and evaluates the qualifications and independence of our independent registered public accounting firm and periodically meets with management and the independent registered public accounting firm to review and discuss our accounting policies, critical accounting estimates and critical auditing matters. In addition, the ACC is responsible for the appointment, replacement, performance and compensation of the Chief Audit Executive and the Head of Credit Review, as well as the approval of the annual plans, charters, policies and budgets of the Internal Audit Group and the Credit Review Group. In its role in overseeing legal and regulatory compliance, the ACC reviews the effectiveness of our company-wide compliance risk management program and periodically meets with the Chief Compliance Officer to review and approve our compliance risk tolerance statement and related compliance policies.

The Compensation and Benefits Committee (CBC) is responsible for assisting the Board in its oversight responsibilities related to the adoption, amendment and termination of compensation plans and arrangements covering executive officers and certain other colleagues, our employee benefit plans of the Company and review of the overall management of our colleague experience. The CBC works with the Chief Colleague Experience Officer and the Chief Risk Officer to ensure our compensation programs appropriately balance risk with business incentives and that business performance is achieved without taking imprudent or excessive risk. Our Chief Risk Officer is actively involved in setting risk goals for the Company. Our Chief Risk Officer also reviews the risk profiles of each business unit and, together with the Chief Audit Executive, provides input into performance evaluations. The Chief Risk Officer attests to the CBC as to whether performance goals and results have been achieved without taking imprudent risks. Additionally, the CBC uses a risk-balanced incentive compensation framework to decide on the bonus pools for our colleagues and the compensation of senior executives.

The Nominating, Governance and Public Responsibility Committee (NGPRC) is responsible for assisting the Board in its oversight responsibilities relating to the Chief Executive Officer and key senior management succession, Board composition, corporate governance, non-employee director compensation and benefits and our practices and positions relating to public policy and sustainability issues. As part of its remit, the NGPRC regularly reviews risks related to corporate governance structure and practices. In addition, the NGPRC regularly reviews the composition of the Board, reassessing directors eligible for election or recruiting candidates with expertise in areas of importance to us.

Table of Contents

We also have management-level risk management committees that implement our risk governance framework and facilitate the execution of management’s risk management responsibilities. The Enterprise Risk Management Committee (ERMC) is the highest-level management risk committee and is responsible for monitoring risk-taking activities against our risk appetite framework as well as governing and overseeing risks we face. The ERMC is co-chaired by the Chief Executive Officer and the Chief Risk Officer, with membership representation across risk types, businesses, and lines of defense. The ERMC has a direct escalation path to the Risk Committee and the Risk Committee reviews and approves the charter of the ERMC annually.

There are three types of risk management committees that report to the ERMC: (i) business unit risk committees, which receive reporting and make decisions on risks applicable for a given revenue-generating business unit, and are co-chaired by the business unit head and the business unit chief risk officer; (ii) organizational risk committees, which receive reporting and make decisions associated with a given first line function, and are co-chaired by the first line unit lead and the second line risk type lead; and (iii) horizontal risk committees, which receive reporting and make decisions associated with one or more risk types and are chaired or co-chaired by the second line risk type lead(s). The ERMC delegates authority to these underlying risk management committees through review and approval of their charters on an annual basis.

THREE LINES OF DEFENSE MODEL

As part of our risk governance framework, we have implemented the “three lines of defense” approach to risk management.

The first line of defense is the primary owner of risk-taking and risk management. The first line includes colleagues who are responsible for generating revenue, providing operational support in the delivery of products and services to our customers, or providing technology services for the execution of business activities. All members of the first line are responsible for appropriately assessing and managing all risks associated with their business activities, consistent with our established risk appetite.

The second line of defense supports the Board in defining the framework by which risk should be managed across the enterprise. It then implements the framework by enacting policies, standards and procedures and creating governance structures. Additionally, the second line provides independent review, challenge, monitoring and oversight of first line activities to enforce adherence to the risk framework and determine the action required if first line activities do not align with the framework.

Our Internal Audit Group and Credit Review Group constitute the third line of defense and provide independent assurance by assessing the quality and effectiveness of our processes and systems of internal control, risk management, and risk governance, compliance with applicable regulations, and the reliability and integrity of our financial and operational information.

Table of Contents

RISK MANAGEMENT PROCESSES

Risk Appetite

Our risk appetite statement describes the nature and level of risk that we are willing to take. Our risk appetite policy describes the overarching approach through which we set our target risk profile and includes our risk appetite statement, which defines specific risk limits for our principal risks. Our risk appetite statement and risk appetite policy are approved by our Risk Committee at least annually. The second line of defense reports to our Risk Committee on our adherence to risk appetite limits on a quarterly basis.

Risk Identification and Assessment

The purpose of our risk identification and assessment process is to recognize and understand existing risks and risks that may arise from new business initiatives, external market forces, or regulatory or statutory changes, so that these risks can be properly assessed and incorporated into our risk control, monitoring, reporting and escalation processes.

Enterprise Risk Taxonomy

We use a risk taxonomy to identify and categorize our principal risks. This taxonomy provides a common language and discipline for the identification and assessment of risks in existing and new business, products, initiatives and acquisitions. We have six principal risk categories: Strategic, Reputation, Operational and Compliance, Credit, Liquidity and Market.

Strategic Risk Management Process

We define strategic risk as the risk to our current or projected financial condition and resilience arising from adverse business decisions, poor implementation of business decisions, or lack of responsiveness to changes in the industry or operating environment, or declining demand for our products and services caused by any other risk.

Strategic decisions are reviewed and approved by business leaders and various risk management committees and must be aligned with our policies and established risk appetite. We seek to manage strategic risk through risk controls embedded in these processes as well as overall risk management oversight over business goals. Launch of key new products as well as existing product performance is reviewed periodically by committees and business leaders to inform business decisions as appropriate. Mergers, acquisitions and divestitures can only be approved following Executive Committee due diligence, a comprehensive risk assessment by operational, market, credit and oversight leaders provided to the Chief Risk Officer and approval by either the Chief Risk Officer or appropriate risk committees. The ERMC and its sub-committees oversee the strategic risks and impacts of decisions and matters brought to the committees.

Reputation Risk Management Process

We define reputational risk as the risk that negative stakeholder reaction to our products, services, client and partner relationships, business activities and policies, management and workplace culture, or our response to unexpected events, could cause sustained critical media coverage, a decline in revenue or investment, talent attrition, litigation, or government or regulatory scrutiny.

Our business leaders are responsible for considering the reputational risk implications of business activities and strategies and ensuring the relevant subject matter experts are engaged as needed. The ERMC is responsible for ensuring reputational risk considerations are included in the scope of appropriate subordinate risk policies and committees and properly reflected in all decisions escalated to the ERMC.

Operational Risk Management Process

We define operational risk as the risk to our current or projected financial condition and resilience arising from inadequate, failed processes or systems, human error or misconduct or adverse external events. Operational risk is inherent in all business activities and can impact an organization through direct or indirect financial loss, brand damage, customer dissatisfaction, or legal and regulatory penalties.

Our operational risk management policy sets forth requirements for (i) the identification of issues and operational risk events, (ii) control enhancements and (iii) reporting of key trends and escalation of risks. There is a range of operational risk types, including process, execution & change; human capital; technology; information security & cybersecurity; third party; data; business disruption; fraud (external and internal); legal; financial reporting; and model risk. Each operational risk type has its own risk management policy that details the requirements and guidelines for managing the specific risk types. Operational risk, in aggregate, is overseen by the Operational Risk and Controls Committee, which is chaired by the Chief Operational Risk Officer.

For additional information regarding cybersecurity risk management & strategy and cybersecurity governance, including information regarding our technology risk and information security program, see Part I, Item 1C. “Cybersecurity.”

Table of Contents

Compliance Risk Management Process

We define compliance risk as the risk to current or anticipated earnings or capital arising from violations of, or failure to conform to, or comply with, laws or regulations, internal policies, procedures and related practices, or ethical standards.

Our Global Compliance and Ethics organization is responsible for establishing and maintaining our corporate-wide compliance risk management program. Pursuant to this program, we seek to manage and mitigate compliance risk by assessing, controlling, monitoring, measuring and reporting the legal and regulatory risks to which we are exposed.

Our global compliance risk management policy defines the regulatory compliance obligations applicable to our activities and establishes a framework and program for compliance risk management. Certain compliance risk types (e.g., financial crimes, privacy, conduct) have dedicated risk management policies that detail the requirements and guidelines for managing the specific risk type. Compliance risk, in aggregate, is overseen by the Compliance and Conduct Risk Committee, which is chaired by the Chief Compliance Officer. This committee has a dual reporting relationship to both the Risk Committee (through the ERMC) and the ACC. Additionally, a dedicated Financial Crimes Risk Management Committee, chaired by the Head of Financial Crimes Compliance, oversees financial crimes related risk management activities.

Credit Risk Management Process

We define credit risk as the risk to our current or projected financial condition arising from an obligor’s failure to meet the terms of any contract with American Express or otherwise perform as agreed. Our credit risks are divided into two broad categories: 1) consumer and small business, and 2) commercial. Each has distinct risk management profiles, capabilities, strategies and tools. Business units that create individual or institutional credit risk exposures of significant importance are supported by dedicated risk management teams, each led by a Chief Credit Officer.

Consumer and small business credit risk arises from consumer and small business credit cards, charge cards and term loans. These portfolios consist of millions of customers across multiple geographies, industries and levels of net worth. We benefit from the high-quality profile of our customers, which is driven by our brand, premium customer servicing, product features and risk management capabilities, which span underwriting, customer management and collections. The risk in these portfolios is generally correlated to broad economic trends, such as unemployment rates and gross domestic product (GDP) growth.

The business unit leaders and their Chief Credit Officers take the lead in managing the credit risk process. These Chief Credit Officers are guided by the Credit and External Fraud Risk Committee, which oversees the implementation and enforcement of the global credit risk management policy and is co-chaired by the Chief Credit Officer and the Head of Financial Risk Management.

Credit risk management is supported by sophisticated proprietary scoring and decision-making models that use up-to-date information on prospects and customers, such as spending and payment history and data feeds from credit bureaus. We have developed data-driven economic decision logic for customer interactions to better serve our customers.

Commercial credit risk arises principally within our CS, ICS and GMNS businesses, as well as investment and liquidity management activities. Unlike consumer and small business credit risk, commercial credit risk is characterized by a lower loss frequency but higher severity. It is affected both by general economic conditions and by client-specific events. The absence of large losses in any given year or over several years is not necessarily representative of the level of risk of institutional portfolios, given the infrequency of loss events in such portfolios.

Similar to consumer and small business credit risk, business units taking commercial credit risks are supported by Chief Credit Officers, who are guided by the Credit and External Fraud Risk Committee. A centralized risk rating unit also provides risk assessment of our institutional obligors.

Table of Contents

Liquidity Risk Management Process

We define liquidity risk as the risk to our current or projected financial condition arising from an inability to meet our current and future financial obligations at a reasonable cost when they become due.

Our Board-approved liquidity risk management policy establishes the framework that guides and governs liquidity risk management. The Finance Risk Committee oversees the management of liquidity risk and reviews and approves liquidity stress testing assumptions quarterly and scenarios annually. The Finance Risk Committee also approves our contingent funding plan as well as our funds transfer pricing framework.

The Asset/Liability Management Committee oversees the implementation of the liquidity risk management policy through the establishment of strategies, processes and procedures to manage liquidity risk within our established risk appetite, including annually approving our funding plan and reviewing outcomes of liquidity stress testing, liquidity coverage ratio and net stable funding ratio and adjusting funding and liquidity strategies to align with our risk appetite.

To manage liquidity risk, we seek to maintain access to a diverse set of cash, readily-marketable securities and contingent sources of liquidity, such that we can continuously meet our business requirements and expected future financing obligations for at least a twelve-month period under a variety of adverse circumstances. These include, but are not limited to, an event where we are unable to raise new funds under our regular funding programs during a substantial weakening in economic conditions. We consider the trade-offs between maintaining too much liquidity, which can be costly and limit financial flexibility, and having inadequate liquidity, which may result in financial distress during a liquidity event. Liquidity risk is managed at an aggregate consolidated level as well as at certain subsidiaries in order to ensure that sufficient and accessible liquidity resources are maintained.

Our liquidity risk management processes are designed in alignment with regulatory guidelines. As a Category III firm under U.S. federal bank regulatory agencies’ rules, we are subject to heightened capital, liquidity and prudential requirements, including more stringent liquidity risk management requirements. See “Supervision and Regulation – Capital and Liquidity Regulation” under “Business” for more information.

Market Risk Management Process

We define market risk as the risk to our current or projected financial condition, or the value of assets and liabilities, resulting from changes in market values like interest rates, asset prices, or foreign exchange rates. Our market risk exposures include (i) interest rate risk due to changes in the relationship between the interest rates on our assets (such as loans, receivables and investment securities) and the interest rates on our liabilities (such as debt and deposits) and (ii) foreign exchange risk related to transactions, funding, investments and earnings in currencies other than the U.S. dollar.

Our Finance Risk Committee, co-chaired by the Chief Financial Officer and Head of Financial Risk Management, approves our market risk management policy and oversees the management of market risk. Our Asset/Liability Management Committee oversees the implementation of the market risk management policy through the establishment of strategies, processes and procedures to manage market risk within established risk appetite.

Table of Contents

Interest Rate Risk

We analyze a variety of interest rate scenarios to inform us of the potential impacts from interest rate changes on earnings and the value of assets, liabilities and the economic value of equity. Our interest rate exposure can vary over time as a result of, among other things, the proportion of our total funding provided by variable and fixed-rate debt and deposits compared to our Card Member loans and receivables. Interest rate swaps are used from time to time to effectively convert debt issuances to variable-rate from fixed-rate, or vice versa. Refer to Note 13 to the “Consolidated Financial Statements” for further discussion of our derivative financial instruments.

To measure the sensitivity of net interest income to interest rate changes, we first project net interest income over the following twelve-month time horizon considering forecasted business growth and anticipated future market interest rates. The impact from rate changes is then measured by instantaneously increasing or decreasing the anticipated future interest rates by the amounts set forth in Table 22 below. Our estimated repricing risk assumes that our interest-rate sensitive assets and liabilities that reprice within the twelve-month horizon generally reprice by the same magnitude, subject to applicable interest rate caps or floors, as benchmark rates change. It is further assumed that, within our interest-rate sensitive liabilities, certain deposits reprice at lower magnitudes and at a more gradual pace than benchmark rate movements. The magnitude and timing of this repricing in turn could depend on, among other factors, the direction of rate changes. These assumptions are consistent with historical deposit repricing experience in the industry and within our own portfolio. In 2025, we refined these forecast assumptions for deposits repricing to better reflect our observed business trends in response to benchmark rate changes. The same net interest income sensitivity analysis as of December 31, 2025 and 2024, using the previous forecast assumptions, is shown in Table 23 below. Actual changes in our net interest income will depend on many factors, and therefore may differ from our estimated risk to changes in market interest rates.

TABLE 22: SENSITIVITY ANALYSIS OF INTEREST RATE CHANGES ON ANNUAL NET INTEREST INCOME AS OF DECEMBER 31, 2025

(Millions)

Instantaneous Parallel Rate Shocks (a)

+200bps

+100bps

-100bps

-200bps

(a) Negative values represent a reduction in net interest income.

TABLE 23: SENSITIVITY ANALYSIS OF INTEREST RATE CHANGES ON ANNUAL NET INTEREST INCOME AS OF DECEMBER 31, 2025 AND 2024, USING PREVIOUS DEPOSITS REPRICING ASSUMPTIONS

(Millions)

Instantaneous Parallel Rate Shocks (a)

+200bps

+100bps

-100bps

-200bps

(a) Negative values represent a reduction in net interest income.

We use economic value of equity to inform us of the potential impacts from interest rate changes on the net present value of our assets and liabilities under a variety of interest rate scenarios. Economic value of equity is calculated based on our existing assets, liabilities and derivatives, and does not incorporate projected changes in our balance sheet. Key assumptions used in this calculation include the term structure of interest rates, as well as deposit repricing and liquidation profiles used to inform duration and cash flow schedules. The economic value of equity is calculated under multiple interest rate scenarios, including baseline and immediate upward and immediate downward interest rate shocks, to assess its sensitivity to changes in interest rates. Our current sensitivity profile demonstrates that our economic value of equity generally decreases in a declining interest rate scenario and increases in an increasing interest rate scenario. The level of this sensitivity is managed within board-approved policy limits.

Table of Contents

Foreign Exchange Risk

Foreign exchange exposures arise in four principal ways: (1) Card Member spending in currencies that are not the billing currency, (2) cross-currency transactions and balances from our funding activities, (3) cross-currency investing activities, such as in the equity of foreign subsidiaries, and (4) revenues generated and expenses incurred in foreign currencies, which impact earnings.

These foreign exchange risks are managed primarily by entering into foreign exchange spot transactions or hedged with foreign exchange forward contracts when the hedge costs are economically justified and in notional amounts designed to offset pretax impacts from currency movements in the period in which they occur. As of December 31, 2025, foreign currency derivative instruments with total notional amounts of approximately $54 billion were outstanding.

With respect to Card Member spending and cross-currency transactions, including related foreign exchange forward contracts outstanding, the impact of a hypothetical 10 percent strengthening of the U.S. dollar would have been immaterial to projected earnings as of December 31, 2025. With respect to translation exposure of foreign subsidiary equity balances, including related foreign exchange forward contracts outstanding, a hypothetical 10 percent strengthening of the U.S. dollar would result in an immaterial reduction in other comprehensive income and equity as of December 31, 2025. With respect to anticipated earnings denominated in foreign currencies for the next twelve months, the adverse impact on pretax income of a hypothetical 10 percent strengthening of the U.S. dollar, net of hedges, would be approximately $200 million as of December 31, 2025.

The actual impact of interest rate and foreign exchange rate changes will depend on, among other factors, the timing of rate changes, the extent to which different rates do not move in the same direction or in the same direction to the same degree, changes in the cost, volume and mix of our hedging activities and changes in the volume and mix of our businesses.

Table of Contents

CRITICAL ACCOUNTING ESTIMATES

Refer to Note 1 to the “Consolidated Financial Statements” for a summary of our significant accounting policies. Certain of our accounting policies requiring significant management assumptions and judgments are as follows:

RESERVES FOR CARD MEMBER CREDIT LOSSES

Reserves for Card Member credit losses represent our best estimate of the expected credit losses in our outstanding portfolio of Card Member loans and receivables as of the balance sheet date. The CECL methodology requires us to estimate lifetime expected credit losses by incorporating historical loss experience, as well as current and future economic conditions over a reasonable and supportable period (R&S Period) beyond the balance sheet date.

In estimating expected credit losses, we use a combination of statistically based models and analysis of the results produced by these models to determine the quantitative and qualitative components of our total balance sheet reserves for credit losses. These quantitative and qualitative components entail a significant amount of judgment. The primary areas of judgment used in measuring the quantitative components of our reserves relate to the determination of the appropriate R&S Period, the modeling of the probability of and exposure at default, and the methodology to incorporate current and future economic conditions. We use these models and assumptions, combined with historical loss experience, to determine the reserve rates that are applied to the outstanding loan or receivable balances to produce our reserves for expected credit losses for the R&S Period. The qualitative component is intended to capture expected losses that may not have been fully captured in the quantitative component. Through an established governance structure, we consider certain external and internal factors, including emerging portfolio characteristics and trends, which consequentially may increase or decrease the reserves for Card Member credit losses.

The R&S Period, which is approximately three years, represents the maximum time-period beyond the balance sheet date over which we can reasonably estimate expected credit losses, using all available portfolio information, current economic conditions and forecasts of future economic conditions. Card Member loan products do not have a contractual term and balances can revolve if minimum required payments are made, causing some balances to remain outstanding beyond the R&S Period. To determine expected credit losses beyond the R&S Period, we immediately revert to long-term average loss rates. Card Member receivable products are contractually required to be paid in full; therefore, we have assumed the balances will be either paid or written-off no later than 180 days past due.

Within the R&S Period, our models use past loss experience and current and future economic conditions to estimate the probability of default, exposure at default and expected recoveries to estimate net losses at default. A significant area of judgment relates to how we apply future Card Member payments to the reporting period balances when determining the exposure at default. The nature of revolving loan products inherently includes a relationship between future payments and spend behavior, which creates complexity in the application of how future payments are either partially or entirely attributable to the existing balance at the end of the reporting period. Using historical customer behavior and other factors, we have assumed that future payments are first allocated to interest and fees associated with the reporting period balance and future spend. We then allocate a portion of the payment to the estimated higher minimum payment amount due because of any future spend. Any remaining portion of the future payment is then allocated to the remaining reporting period balance.

CECL requires that the R&S Period include an assumption about current and future economic conditions. We incorporate multiple macroeconomic scenarios provided to us by an independent third party. The estimated credit losses calculated from each macroeconomic scenario are reviewed each period and weighted to reflect management’s judgment about uncertainty surrounding these scenarios. These macroeconomic scenarios contain certain variables, including unemployment rates and real GDP, that are significant to our models.

Table of Contents

Macroeconomic Sensitivity

To demonstrate the sensitivity of estimated credit losses to the macroeconomic scenarios, we compared our modeled estimates under a baseline scenario to that under a pessimistic downside scenario. As of December 31, 2025, for every 10 percentage points change in weighting from the baseline scenario to the pessimistic downside scenario, the estimated credit losses increased by approximately $220 million.

The modeled estimates under these scenarios were influenced by the duration, severity and timing of changes in economic variables within each scenario and these macroeconomic scenarios, under different conditions or using different assumptions, could result in significantly different estimated credit losses. It is difficult to estimate how potential changes in specific factors might affect the estimated credit losses, and current results may not be indicative of the potential future impact of macroeconomic forecast changes.

In addition, this sensitivity analysis relates only to the modeled credit loss estimates under two scenarios without considering management’s judgment on the relative weighting for those and other scenarios, including the weight that has been placed on the downside scenario at the balance sheet date, or any potential changes in other adjustments to the quantitative reserve component or the impact of management judgment for the qualitative reserve component, which may have a positive or negative effect on the results. Thus, the results of this sensitivity analysis are hypothetical and are not intended to estimate or reflect our expectations of any changes in the overall reserves for credit losses due to changes in the macroeconomic environment.

Refer to Note 3 to the “Consolidated Financial Statements” for further information on the range of macroeconomic scenario key variables used, in conjunction with other inputs described above, to calculate reserves for Card Member credit losses.

The process of estimating these reserves requires a high degree of judgment. To the extent our expected credit loss models are not indicative of future performance, actual losses could differ significantly from our judgments and expectations, resulting in either higher or lower future provisions for credit losses in any period.

Table of Contents

LIABILITY FOR MEMBERSHIP REWARDS

The Membership Rewards program is our largest card-based rewards program. Card Members can earn points for purchases charged on their enrolled card products. A significant portion of our cards, by their terms, allow Card Members to earn bonus points for purchases at merchants in particular industry categories. Membership Rewards points are redeemable for a broad variety of rewards, including, but not limited to, travel, shopping, gift cards, and statement credits. Points typically do not expire, and there is no limit on the number of points a Card Member may earn. Membership Rewards expense is driven by charge volume on enrolled cards, customer participation in the program and contractual arrangements with redemption partners.

We record a Membership Rewards liability that represents our best estimate of the cost of points earned that are expected to be redeemed by Card Members in the future. The Membership Rewards liability is impacted over time by enrollment levels, attrition, the volume of points earned and redeemed, and the associated redemption costs. We estimate the Membership Rewards liability by determining the URR and the weighted average cost (WAC) per point, which are applied to the points of current enrollees. Refer to Note 9 to the “Consolidated Financial Statements” for additional information.

The URR assumption is used to estimate the number of points earned by current enrollees that will ultimately be redeemed in future periods. We use statistical and actuarial models to estimate the URR of points earned to date by current Card Members based on redemption trends, card product type, enrollment tenure, card spend levels and credit attributes. The WAC per point assumption is used to estimate future redemption costs and is primarily based on redemption choices made by Card Members, reward offerings by partners, and Membership Rewards program changes. The WAC per point assumption is derived from 12 months of redemptions and is adjusted as appropriate for certain changes in redemption costs that are not representative of future cost expectations and expected developments in redemption patterns.

We periodically evaluate our liability estimation process and assumptions based on changes in cost per point redeemed, partner contract changes and developments in redemption patterns, which may be impacted by product refreshes, changes in redemption options and mix of proprietary cards-in-force.

The process of estimating the Membership Rewards liability includes a high degree of judgment. Actual redemptions and associated redemption costs could differ significantly from our estimates, resulting in either higher or lower Membership Rewards expense.

Changes in the Membership Rewards URR and WAC per point have the effect of either increasing or decreasing the liability through the current period Membership Rewards expense by an amount estimated to cover the cost of all points previously earned but not yet redeemed by current enrollees as of the end of the reporting period. As of December 31, 2025, an increase in the estimated URR of current enrollees of 25 basis points would increase the Membership Rewards liability and corresponding rewards expense by approximately $229 million. Similarly, an increase in the WAC per point of 1 basis point would increase the Membership Rewards liability and corresponding rewards expense by approximately $244 million.

GOODWILL RECOVERABILITY

Goodwill represents the excess of acquisition cost of an acquired business over the fair value of assets acquired and liabilities assumed. Goodwill is not amortized but is tested for impairment at the reporting unit level annually or when events or circumstances arise, such as adverse changes in the business environment, that would more likely than not reduce the fair value of the reporting unit below its carrying value. Our methodology for conducting this goodwill impairment testing contains both a qualitative and quantitative assessment.

We have the option to initially perform an assessment of qualitative factors in order to determine whether it is more likely than not that the fair value of a reporting unit is less than its carrying amount. The qualitative factors may include, but are not limited to, economic conditions, industry and market considerations, cost factors, overall financial performance of the reporting unit and other company and reporting unit-specific events. If we determine that it is more likely than not that the fair value of a reporting unit is less than its carrying amount, we then perform the impairment evaluation using a more detailed quantitative assessment. We could also directly perform this quantitative assessment for any reporting unit, bypassing the qualitative assessment.

Table of Contents

Our methodology for conducting the quantitative goodwill impairment testing is fundamentally based on the measurement of fair value for our reporting units, which inherently entails the use of significant management judgment. For valuation, we use a combination of the income approach (discounted cash flows) and market approach (market multiples) in estimating the fair value of our reporting units.

When preparing discounted cash flow models under the income approach, we estimate future cash flows using the reporting unit’s internal multi-year forecast, and a terminal value calculated using a growth rate that we believe is appropriate in light of current and expected future economic conditions. To discount these cash flows we use our expected cost of equity, determined using a capital asset pricing model. When using the market method under the market approach, we apply comparable publicly traded companies’ multiples (e.g., earnings, revenues) to our reporting units’ operating results. The judgment in estimating forecasted cash flows, discount rates and market comparables is significant, and imprecision could materially affect the fair value of our reporting units.

We could be exposed to an increased risk of goodwill impairment if future operating results or macroeconomic conditions differ significantly from management’s current assumptions.

INCOME TAXES

We are subject to the income tax laws of the United States, its states and municipalities and those of the foreign jurisdictions in which we operate. These tax laws are complex, and the manner in which they apply to the taxpayer’s facts is sometimes open to interpretation. In establishing a provision for income tax expense, we must make judgments about the application of inherently complex tax laws.

Unrecognized Tax Benefits

We establish a liability for unrecognized tax benefits, which are the differences between a tax position taken or expected to be taken in a tax return and the benefit recognized in the financial statements.

In establishing a liability for an unrecognized tax benefit, assumptions may be made in determining whether, and the extent to which, a tax position should be sustained. A tax position is recognized only when it is more likely than not to be sustained upon examination by the relevant taxing authority, based on its technical merits. The amount of tax benefit recognized is the largest benefit that we believe is more likely than not to be realized on ultimate settlement. As new information becomes available, we evaluate our tax positions and adjust our unrecognized tax benefits, as appropriate .

Tax benefits ultimately realized can differ from amounts previously recognized due to uncertainties, with any such differences generally impacting the provision for income tax.

Deferred Tax Asset Realization

Deferred tax assets and liabilities are determined based on the differences between the financial statement and tax bases of assets and liabilities using the enacted tax rates expected to be in effect for the years in which the differences are expected to reverse.

Since deferred taxes measure the future tax effects of items recognized in the Consolidated Financial Statements, certain estimates and assumptions are required to determine whether it is more likely than not that all or some portion of the benefit of a deferred tax asset will not be realized. In making this assessment, we analyze and estimate the impact of future taxable income, reversing temporary differences and available tax planning strategies. These assessments are performed quarterly, taking into account any new information.

Changes in facts or circumstances can lead to changes in the ultimate realization of deferred tax assets due to uncertainties.

Table of Contents

OTHER MATTERS

RECENTLY ADOPTED AND ISSUED ACCOUNTING STANDARDS

Refer to the Recently Adopted and Issued Accounting Standards section of Note 1 to the “Consolidated Financial Statements.”

GLOSSARY OF SELECTED TERMINOLOGY

Allocated service costs — Represents salaries and benefits associated with our technology and customer servicing groups, allocated based on activities directly attributable to our reportable operating segments, as well as overhead expenses, which are allocated to our reportable operating segments based on their relative levels of revenue and Card Member loans and receivables.

Asset securitizations — Asset securitization involves the transfer and sale of loans or receivables to a special-purpose entity created for the securitization activity, typically a trust. The trust, in turn, issues securities, commonly referred to as asset-backed securities that are secured by the transferred loans and receivables. The trust uses the proceeds from the sale of such securities to pay the purchase price for the transferred loans or receivables. The securitized loans and receivables of our Lending Trust and Charge Trust (collectively, the Trusts) are reported as assets and the securities issued by the Trusts are reported as liabilities on our Consolidated Balance Sheets.

Billed business (Card Member spending) — Represents transaction volumes (including cash advances) on payment products issued by American Express.

Card Member — The individual holder of an issued American Express-branded card.

Card Member loans — Represents balances on our credit card products and revolve-eligible balances on our charge card products.

Card Member receivables — Represents balances on our charge card products that need to be paid in full on or before the Card Member’s payment due date.

Cards-in-force — Represents the number of cards that are issued and outstanding by American Express (proprietary cards-in-force) and cards issued and outstanding under network partnership agreements with banks and other institutions, except for retail cobrand cards issued by network partners that had no out-of-store spending activity during the prior twelve months. Basic cards-in-force excludes supplemental cards issued on consumer accounts. Cards-in-force is useful in understanding the size of our Card Member base.

Charge cards — Represents cards that generally carry no pre-set spending limits and are primarily designed as a method of payment and not as a means of financing purchases. Each transaction on a charge card with no pre-set spending limit is authorized based on its likely economics reflecting a Card Member’s most recent credit information and spend patterns. Charge Card Members must pay the full amount of balances billed each month, with the exception of balances that can be revolved under lending features offered on certain charge cards, such as Pay Over Time and Plan It ® , that allow Card Members to pay for eligible purchases with interest over time.

Cobrand cards — Represents cards issued under cobrand agreements with selected commercial partners. Pursuant to the cobrand agreements, we make payments to our cobrand partners, which can be significant, based primarily on the amount of Card Member spending and corresponding rewards earned on such spending and, under certain arrangements, on the number of accounts acquired and retained. The partner is then liable for providing rewards to the Card Member under the cobrand partner’s own loyalty program.

Credit cards — Represents cards that have a range of revolving payment terms, structured payment features (e.g., Plan It, Expanded Buying Power), grace periods, and rate and fee structures.

Discount revenue — Primarily represents the amount we earn and retain from the merchant payable for facilitating transactions between Card Members and merchants on payment products issued by American Express.

Goods & Services (G&S) spend — Includes spend in merchant categories other than T&E-related merchant categories, which includes B2B spending by small and mid-sized enterprise customers in our CS and ICS segments.

Interest expense — Includes interest incurred primarily to fund Card Member loans and receivables, general corporate purposes and liquidity needs. Interest expense is divided principally into two categories: (i) deposits, which primarily relates to interest expense on deposits taken from customers and institutions, and (ii) debt, which primarily relates to interest expense on our long-term financing and short-term borrowings, (e.g., commercial paper, federal funds purchased, bank overdrafts and other short-term borrowings), as well as the realized impact of derivatives hedging interest rate risk on our long-term debt.

Interest income — Includes (i) interest on loans, (ii) interest and dividends on investment securities and (iii) interest income on deposits with banks and other.

Table of Contents

Interest on loans — Assessed using the average daily balance method for Card Member loans. Unless the loan is classified as non-accrual, interest is recognized based upon the principal amount outstanding in accordance with the terms of the applicable account agreement until the outstanding balance is paid or written off.

Interest and dividends on investment securities — Primarily relates to our performing fixed-income securities. Interest income is recognized using the effective interest method, which adjusts the yield for security premiums and discounts, fees and other payments, so a constant rate of return is recognized on the outstanding balance of the related investment security throughout its term. Amounts are recognized until securities are in default or when it is likely that future interest payments will not be made as scheduled.

Interest income on deposits with banks and other — Primarily relates to the placement of cash in excess of near-term funding requirements in interest-bearing time deposits, overnight sweep accounts, and other interest-bearing demand and call accounts.

Locations in force (LIF) — Represents proprietary and partner acquired merchant locations where the merchant is enabled to accept American Express. LIF estimates incorporate data provided to us by certain third parties and include merchants that accept American Express through payment facilitators and merchants that accept American Express through digital wallets.

Loyalty coalitions — Programs that enable consumers to earn rewards points and use them to save on purchases from a variety of participating merchants through multi-category rewards platforms. Merchants in these programs generally fund the consumer offers and are responsible to us for the cost of rewards points; we earn revenue from operating the loyalty platform and by providing marketing support.

Net card fees — Represents the card membership fees earned during the period recognized as revenue over the covered card membership period (typically one year), net of the provision for projected refunds for Card Membership cancellation and deferred acquisition costs.

Net interest yield — Represents net interest income, computed on an annualized basis, as applicable, divided by average Card Member loans, Card Member loans HFS, Other loans and Card Member receivables. Reserves and net write-offs related to uncollectible interest are recorded through provision for credit losses and are thus not included in the net interest yield calculation.

Net write-off rate — principal only — Represents the amount of proprietary consumer or small business Card Member loans or receivables written off, consisting of principal (resulting from authorized transactions), less recoveries, as a percentage of the average loan or receivable balance during the period.

Net write-off rate — principal, interest and fees — Includes, in the calculation of the net write-off rate, amounts for interest and fees in addition to principal for Card Member loans, and fees in addition to principal for Card Member receivables.

Network partnership revenue — Represents revenues related to network partnership agreements, comprising royalties, fees and amounts earned for facilitating transactions on cards issued by network partners. Network partnership revenue also includes fees earned on alternative payment solutions facilitated by American Express.

Network volumes — Represents total transaction volumes (including cash advances) on payments products issued by American Express and under network partnership agreements with banks and other institutions, including joint ventures, as well as alternative payment solutions facilitated by American Express.

Operating expenses — Represents salaries and employee benefits, professional services, data processing and equipment, and other expenses.

Other loan s — Represents balances on non-card payment and financing products that are not associated with a Card Member agreement, and instead are governed by a separate borrowing relationship. Other loans consist primarily of consumer installment loans and lines of credit offered to small business customers.

Proprietary new cards acquired — Represents the number of new cards issued by American Express during the referenced period, net of replacement cards. Proprietary new cards acquired is useful as a measure of the effectiveness of our customer acquisition strategy.

Reserve build (release) — Represents the portion of the provisions for credit losses for the period related to increasing or decreasing reserves for credit losses as a result of, among other things, changes in volumes, macroeconomic outlook, portfolio composition and credit quality of portfolios. Reserve build represents the amount by which the provision for credit losses exceeds net write-offs, while reserve release represents the amount by which net write-offs exceed the provision for credit losses.

T&E spend — Represents spend on travel and entertainment, which primarily includes airline, cruise, lodging and dining merchant categories.

See “Consolidated Capital Resources and Liquidity — Capital Strategy” for definitions of our regulatory risk-based capital and leverage ratios.

Table of Contents

CAUTIONARY NOTE REGARDING FORWARD-LOOKING STATEMENTS

This report includes forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995, which are subject to risks and uncertainties. The forward-looking statements, which address our current expectations regarding business and financial performance, among other matters, contain words such as “believe,” “expect,” “anticipate,” “intend,” “plan,” “aim,” “will,” “may,” “should,” “could,” “would,” “likely,” “estimate,” “potential,” “continue” and similar expressions. Readers are cautioned not to place undue reliance on these forward-looking statements, which speak only as of the date on which they are made. We undertake no obligation to update or revise any forward-looking statements. Factors that could cause actual results to differ materially from these forward-looking statements, include, but are not limited to, the following:

• our ability to grow earnings per share in the future, which will depend in part on revenue growth, credit performance, credit reserve and expense levels and the effective tax rate remaining consistent with current expectations and our ability to continue executing our investment philosophy, including investing at high levels in areas that can drive sustainable growth (such as our brand, value propositions, coverage, marketing, technology, partnerships and talent), controlling operating expenses, effectively managing risk and executing our share repurchase program, any of which could be impacted by, among other things, the factors identified in the subsequent paragraphs as well as the following: macroeconomic and geopolitical conditions, including a slowdown in U.S. or global economic growth, changes to consumer and business confidence, higher rates of unemployment, global trade relations and the effects of announced or future tariffs, international tensions, hostilities and instability, changes in interest rates, inflation, supply chain issues, market volatility, government shutdowns and fiscal and monetary policies; the impact of any future contingencies, including, but not limited to, legal costs and settlements, the imposition of fines or monetary penalties, increases in Card Member remediation, investment gains or losses, restructurings, impairments and changes in reserves; issues impacting brand perceptions and our reputation; changes in the competitive environment; impacts related to acquisitions, cobrand relationships and other partners, portfolio sales, joint ventures and other investments; and the impact of regulation and litigation, which could affect the profitability of our business activities, limit our ability to pursue business opportunities, require changes to business practices or alter our relationships with Card Members, partners and merchants;

• our ability to grow revenues net of interest expense and the sustainability of our future growth, which could be impacted by, among other things, the factors identified above and in the subsequent paragraphs, as well as the following: spending volumes and the spending environment not being consistent with expectations, including spending by U.S. consumer and small & mid-sized business Card Members, such as due to uncertain business and economic conditions; an inability to address competitive pressures, attract and retain customers, invest in and enhance our Membership Model of premium products, differentiated services and partnerships, successfully refresh our card products (e.g., the U.S. Consumer and Business Platinum Card refreshes), grow spending and lending with customers across age cohorts (including Millennial and Gen-Z customers) and commercial segments and implement strategies and business initiatives, including within the premium consumer space, commercial payments and the global network; the effects of regulatory initiatives, including pricing regulation, such as potential credit card interest rate caps, and network regulation; merchant coverage growing less than expected or the reduction of merchant acceptance or the perception of coverage; increased surcharging, steering, suppression or other differential acceptance practices with respect to our products; merchant discount rates changing from our expectations; and changes in foreign currency exchange rates;

• net card fee revenues not performing consistently with expectations, which could be impacted by, among other things, the pace of Card Member acquisition activity and demand for our fee-based products; higher Card Member attrition rates; the success and timing of our refreshes of our card products (including U.S. Consumer and Business Platinum Card acquisition and retention levels following the refreshes); a decrease in the ability and desire of Card Members to pay card fees, such as due to a deterioration in macroeconomic conditions or as a result of changes in card fees; the competitive environment and the perception of the value provided by premium cards; regulatory initiatives impacting card fees; and our inability to deliver and enhance benefits and services, innovate with respect to our products and develop attractive premium value propositions for new and existing customers;

• net interest income, the effects of changes in interest rates and the growth of loans and Card Member receivables outstanding and revolving balances, being higher or lower than expectations, which could be impacted by, among other things, the behavior and financial strength of Card Members and their actual spending, borrowing and paydown patterns; the effectiveness of our strategies to enhance Card Member value propositions, grow lending with premium customers and capture a greater share of Card Members’ spending and borrowings and attract new, and retain existing, customers; our ability to effectively introduce and enhance lending features on our products and manage underwriting risk; governmental actions to cap credit card interest rates; changes in benchmark interest rates, including where such changes affect our assets or liabilities differently than expected; our ability to grow deposits, including from Card Members; continued volatility and other changes in capital and credit market conditions and the availability and cost of capital; credit actions, including line size and other adjustments to credit availability; the yield on Card Member loans differing from current expectations; and loss or impacts to cobrand relationships;

Table of Contents

• future credit performance, the level of future delinquency, reserve and write-off rates and the amount and timing of future reserve builds and releases, which will depend in part on macroeconomic factors such as actual and projected unemployment rates and GDP; the ability and willingness of Card Members to pay amounts owed to us; changes in loans and receivables outstanding, such as from the implementation of our strategy to capture spending and borrowings, or from changes in consumer behavior that affect loan and receivable balances (e.g., paydown and revolve rates); changes in the levels of customer acquisitions and the credit profiles of new customers acquired; financial stress and volume of bankruptcies of Card Members and business partners; credit-related fraud levels; card portfolio sales; the magnitude of seasonal fluctuations in credit metrics; the enrollment in, and effectiveness of, financial relief programs and the performance of accounts as they exit from such programs; the effects of the resumption of student loan repayments; collections capabilities and recoveries of previously written-off loans and receivables; and the impact of the usage of debt settlement companies;

• the actual amount to be spent on Card Member rewards and services and business development, and the relationship of these variable customer engagement costs to revenues, which could be impacted by the investments and enhancements that we make with respect to our value propositions, including our reward programs and product benefits, such as in connection with card refreshes (e.g., recently introduced U.S. Consumer and Business Platinum Card benefits), to make them attractive to Card Members and prospective customers, potentially in a manner that is not cost-effective; changes in the level of Card Member spending and spending patterns (including the level of spend in bonus categories), the redemption of rewards and offers (including travel redemptions) and usage of travel-, lifestyle- and business-related benefits; the costs related to reward point redemptions; levels of Card Member acquisitions on premium card products; changes in our models or assumptions used to estimate these expenses; new and renegotiated contractual obligations with business partners, which may be affected by business partners with greater scale and leverage; our ability to identify and negotiate partner-funded value for Card Members; and the pace and cost of the expansion of our global lounge collection;

• the actual amount we spend on marketing in the future and the effectiveness and efficiency of our marketing spend, which will be based in part on continued changes in the macroeconomic and competitive environment and business performance, including the levels of demand for our products; our ability to realize marketing efficiencies, including as a result of investments in our product value propositions and the use of technology, such as the personalization of offers, and balance expense control and investments in the business; management’s investment optimization process and its ability to develop premium value propositions and drive customer demand; management’s identification and assessment of attractive investment opportunities and decisions regarding the timing of investments; and the receptivity of Card Members and prospective customers to advertising and customer acquisition initiatives;

• our ability to control operating expenses, including relative to revenue growth, and the actual amount we spend on operating expenses in the future, which could be impacted by, among other things, salary and benefit expenses to attract and retain talent; our ability to realize operational efficiencies, including through increased scale and automation and continued adoption of AI technologies; management’s ability to balance expense control and investments in the business and its decisions regarding spending in such areas as technology, business and product development, sales force, premium servicing and digital capabilities; our ability to innovate efficient channels of customer interactions and the willingness of Card Members to self-service and address issues through digital channels; restructuring activity; fraud costs; inflation and supply chain issues; increased technology costs, including investments in technology innovations and system upgrades; expenses related to enterprise risk management and compliance and consulting, legal and other professional services fees, including as a result of our growth, litigation and internal and regulatory reviews; the impact of changes in foreign currency exchange rates on costs; regulatory assessments; the level of M&A activity and related expenses; information security or cybersecurity incidents; the payment of fines, penalties, disgorgement, restitution, non-income tax assessments and litigation-related settlements; the performance of Amex Ventures and other of our investments; and impairments of goodwill or other assets;

• our tax rate not remaining consistent with expectations, which could be impacted by, among other things, further changes in tax laws and regulation, the implementation by jurisdictions of the Organization for Economic Cooperation and Development’s global minimum tax guidelines (including safe harbors for U.S. multinational enterprises), our geographic mix of income, unfavorable tax audits, assessments and tax litigation outcomes, and the occurrence or nonoccurrence of other discrete tax items;

• changes affecting our plans regarding the return of capital to shareholders, including increasing the level of the dividend, which will depend on factors such as our capital levels and regulatory capital ratios; the results of our stress testing and capital planning process and new rulemakings and guidance from the Federal Reserve and other banking regulators, including changes to regulatory capital requirements, such as from the U.S. federal bank regulatory agencies’ Basel III rulemaking; our results of operations and financial condition; our credit ratings and rating agency considerations; required company approvals; and the economic environment and market conditions in any given period;

Table of Contents

• changes in the substantial and increasing worldwide competition in the payments industry, including competitive pressure and competitor settlements that may materially impact the prices charged to merchants that accept American Express cards; merchant acceptance, surcharging, steering and other differential acceptance practices; the desirability of competitor premium card products and competition for partnerships and premium experiences, services and benefits; competition for new and existing cobrand relationships; competition from new and non-traditional competitors, such as financial technology companies, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce, digital payment platforms and currencies and other alternative payment mechanisms; competitor acquisitions and transactions; and the success of marketing, promotion, rewards programs, offers and travel-, lifestyle- and business-related benefits (e.g., lounges, dining, entertainment and business tools);

• our ability to sustain our momentum and leadership in the premium consumer space, including with Millennial and Gen-Z consumers, and the success of the refresh of our U.S. Consumer Platinum Card ® , which will be impacted in part by competition, levels of consumer demand for premium card products, brand perceptions (including perceptions related to merchant coverage) and reputation, and our ability to develop and market new benefits, services, experiences and other value propositions, as well as new digital capabilities, that appeal to Card Members and new customers, grow spending with new and younger age cohort Card Members, offer attractive services and rewards programs and build greater customer loyalty, which will depend in part on identifying and funding investment opportunities, addressing changing customer behaviors, new product innovation and development, Card Member acquisition efforts and enrollment processes, including through digital channels, continuing to realize benefits from strategic partnerships, successfully implementing our dining strategy and evolving our infrastructure to support new products, services and benefits;

• our ability to build on our leadership in commercial payments and the success of the refresh of our U.S. Business Platinum Card ® , which will depend in part on competition, including from financial technology companies and as a result of competitor acquisitions and transactions; the willingness and ability of companies to use credit and charge cards for procurement and other business expenditures as well as use our other products and services for financing needs; the acceptance of, and economics related to, B2B payment platforms; our ability to offer attractive value propositions and new products to current and potential customers; our ability to enhance and expand our payment, lending, cash flow and expense management solutions, including the release of a suite of offerings for small & mid-sized business customers, increase customer engagement, and build out a multi-product digital ecosystem to integrate our broad product set, which is dependent on our continued investment in capabilities, features, functionalities, platforms and technologies and the successful integration of, and introduction of, and capabilities related to, our Center acquisition; and the success of our initiatives to support businesses, such as Small Business Saturday and other Shop Small campaigns;

• our ability to expand merchant coverage globally and our success, as well as the success of third-party merchant acquirers, processors and payment facilitators, in signing merchants to accept American Express, which will depend on, among other factors, the value propositions offered to merchants and merchant acquirers for card acceptance, the awareness and willingness of Card Members to use American Express cards at merchants, scaling marketing and expanding programs to increase card usage, identifying and growing acceptance in low- and new-to-plastic industries and businesses as they form, working with commercial buyers and suppliers to establish B2B acceptance, executing on our plans to increase coverage in priority international cities, destinations, countries and industry verticals, merchant point-of-sale practices, and continued network investments, including in capabilities that allow for greater digital integration and modernization of our authorization platform;

• our ability to successfully invest in, benefit from and expand the use of technological developments, digital payments, servicing, travel & dining solutions, generative AI and other technological capabilities, which will depend in part on our success in evolving our products and processes for the digital environment and agentic commerce; developing new features in our applications and platforms and enhancing our digital channels; effectively utilizing AI & ML and increasing automation, including to enhance our products, develop new capabilities and address servicing and other business and customer needs; supporting the use of our products as a means of payment through online, mobile, agentic and other digital channels; building partnerships and executing programs with other companies; and effectively utilizing data and data & analytics platforms, including successfully migrating to new platforms, all of which will be impacted by investment levels, customer and colleague receptiveness and ability to adopt new technologies, new product innovation and development and the platforms and infrastructure to support new products, services, benefits and partner integrations;

• our ability to grow internationally, which could be impacted by regulation and business practices, such as those capping interchange or other fees, mandating network access or data localization, imposing greater requirements on payment networks, favoring local competitors or prohibiting or limiting foreign ownership of certain businesses; perceptions of our brand in international jurisdictions; our inability to successfully replicate aspects of our business model internationally and tailor products and services to make them attractive to local customers; competitors with more scale, local experience and established relationships with relevant customers, regulators and industry participants; the success of us and our network partners in acquiring Card Members and/or merchants; and geopolitical and economic instability, hostilities and tensions (such as involving China and the U.S.), and impacts to cross-border trade and travel;

Table of Contents

• our ability to successfully implement our dining strategy and grow our dining platform, which will depend in part on our ability to grow the number of diners, restaurants and other bookable venues using the platform and transactions on the platform; expand and innovate in the tools and capabilities offered through the platform, including integrating the Tock and Rooam acquisitions and benefiting from their added capabilities, users and/or bookable venues; successfully implement partnerships and compete with other dining platforms and means of booking venues; and effectively utilize our dining platform and dining partnerships to provide value to Card Members and merchants and sell our products and services;

• a failure in or breach of our operational or security systems, processes or infrastructure, or those of third parties, including as a result of cyberattacks or outages, which could compromise the confidentiality, integrity, privacy and/or security of data, disrupt our or our partners’ operations, reduce the use and acceptance of American Express cards or our digital platforms and lead to regulatory scrutiny, litigation, remediation and response costs and reputational harm;

• changes in capital and credit market conditions, including those resulting from recent volatility, which may significantly affect our ability to meet our liquidity needs and expectations regarding capital ratios; our access to capital and funding costs; the valuation of our assets; and our credit ratings or those of our subsidiaries;

• our funding plan being implemented in a manner inconsistent with current expectations, which will depend on various factors such as future business growth, liquidity needs, the impact of global economic, political and other events on market capacity, demand for securities we offer, regulatory changes, our ability to securitize and sell loans and receivables and the performance of loans and receivables previously sold in securitization transactions;

• legal and regulatory developments, which could affect the profitability of our business activities; limit our ability to pursue business opportunities or conduct business in certain jurisdictions; require changes to business practices or governance, or alter our relationships with Card Members, partners, merchants and other third parties, including affecting our network operations and practices governing merchant acceptance, as well as our ability to continue certain cobrand relationships in the EU; impact interest income, card fees and rewards programs; exert further pressure on merchant discount rates and our network business, as well as result in an increase in surcharging, steering or other differential acceptance practices; alter the competitive landscape; subject us to heightened regulatory scrutiny and result in increased costs related to regulatory oversight and compliance, litigation-related settlements, judgments or expenses, restitution to Card Members or the imposition of fines or monetary penalties; materially affect capital or liquidity requirements, results of operations or ability to pay dividends; or result in harm to the American Express brand;

• changes in the financial condition and creditworthiness of our business partners, such as bankruptcies, restructurings, financial distress or consolidations, including of cobrand partners, merchants that represent a significant portion of our business, network partners or financial institutions that we rely on for routine funding and liquidity, which could materially affect our financial condition or results of operations; and

• factors beyond our control such as business, economic and geopolitical conditions, consumer and business confidence and spending generally, unemployment rates, market volatility, energy costs, government shutdowns and other political developments, further escalations or widening of international tensions, regional hostilities and military conflicts (such as in the Middle East and Ukraine), adverse developments affecting third parties, including other financial institutions, merchants, partners or vendors, as well as severe weather conditions and natural disasters (e.g., hurricanes and wildfires), power loss, disruptions in telecommunications, pandemics, terrorism and other catastrophic events, any of which could significantly affect demand for and spending on American Express cards, credit metrics and reserves, loan and receivable balances, deposit levels and other aspects of our business and results of operations or disrupt our global network systems and ability to process transactions.

A further description of these uncertainties and other risks can be found in “Risk Factors” and our other reports filed with the SEC.

Table of Contents