BFH Bread Financial Holdings, Inc. - 10-K

Risk Factors

Unresolved Staff Comments

C ybersecurity

Properties

Legal Proceedings

Mine Safety Disclosures

PART II

Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities

[RESERVED]

Management’s Discussion and Analysis of Financial Condition and Results of Operations

Quantitative and Qualitative Disclosures About Market Risk

Financial Statements and Supplementary Data

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

Controls and Procedures

Other Information

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

PART III

Directors, Executive Officers and Corporate Governance

Executive Compensation

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Certain Relationships and Related Transactions, and Director Independence

Principal Accounting Fees and Services

PART IV

Exhibits and Financial Statement Schedules

Form 10-K Summary

Table of Contents

This report includes trademarks, such as Bread ® , Bread Financial ® , Bread Cashback ® , Bread Rewards™, Bread Pay ® and Bread Savings ® , which are protected under applicable intellectual property laws and are the property of Bread Financial Holdings, Inc. or our subsidiaries. This report also contains trademarks, service marks, copyrights and trade names of other companies, which are the property of their respective owners. Solely for convenience, our trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the right of the applicable licensor to these trademarks and trade names.

Throughout this report, unless stated or the context implies otherwise, the terms “Bread Financial,” “BFH,” the “Company,” “we,” “our” or “us” refer to Bread Financial Holdings, Inc. and its subsidiaries on a consolidated basis. References to “Parent Company” refer to Bread Financial Holdings, Inc. on a parent-only standalone basis. In addition, in this report we may refer to the retailers and other companies with whom we do business as our “partners,” “brand partners,” or “clients,” provided that the use of the term “partner,” “partnering” or any similar term does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of Bread Financial’s relationship with any third parties. We offer our credit products through our insured depository institution subsidiaries, Comenity Bank and Comenity Capital Bank, which together are referred to herein as the “Banks.”

Table of Contents

Cautionary Note Regarding Forward-Looking Statements

This Form 10-K and the documents incorporated by reference herein contain forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Forward-looking statements give our expectations or forecasts of future events and can generally be identified by the use of words such as “believe,” “expect,” “anticipate,” “estimate,” “intend,” “project,” “plan,” “likely,” “may,” “should” or other words or phrases of similar import. Similarly, statements that describe our business strategy, outlook, objectives, plans, intentions or goals also are forward-looking statements. Examples of forward-looking statements include, but are not limited to, statements we make regarding, and the guidance we give with respect to, our anticipated operating or financial results, future financial performance and outlook, future dividend declarations or stock repurchases and future economic conditions.

We believe that our expectations are based on reasonable assumptions. Forward-looking statements, however, are subject to a number of risks and uncertainties that are difficult to predict and, in many cases, beyond our control. Accordingly, our actual results could differ materially from the projections, anticipated results or other expectations expressed in this report, and no assurances can be given that our expectations will prove to have been correct. Factors that could cause the outcomes to differ materially include, but are not limited to, the following:

• macroeconomic conditions, including market conditions, inflation, interest rates, labor market conditions, recessionary pressures or concerns over a prolonged economic slowdown, and the related impact on consumer spending behavior, payments, debt levels, savings rates and other behaviors;

• global political and public health events and conditions, including significant shifts in trade policy, such as changes to, or the imposition of, tariffs and/or trade barriers and consequently any economic impacts, volatility, uncertainty and geopolitical instability resulting therefrom, as well as ongoing wars and military conflicts, and natural disasters;

• future credit performance of our customers, including the level of future delinquency and charge-off rates;

• loss of, or reduction in demand for services and/or products from, significant brand partners or customers in the highly competitive markets in which we operate, including competition from new and non-traditional competitors, such as financial technology companies, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce, digital payment platforms and currencies and other alternative payment and deposit solutions;

• the concentration of our business in U.S. consumer credit;

• increases or volatility in the Allowance for credit losses that may result from the application of the current expected credit loss (CECL) model;

• inaccuracies in the models and estimates on which we rely, including our credit risk management models and the amount of our Allowance for credit losses;

• increases in fraudulent activity;

• failure to identify, complete or successfully integrate or disaggregate business acquisitions, divestitures and other strategic initiatives, including, with respect to divested businesses, any associated guarantees, indemnities or other liabilities;

• the extent to which our results are dependent upon our brand partners, including our brand partners’ financial performance and reputation, as well as the effective promotion and support of our products by brand partners;

• increases in the cost of doing business, including market interest rates;

• our level of indebtedness and inability to access financial or capital markets, including asset-backed securitization funding or deposits markets;

• restrictions that limit our Banks’ ability to pay dividends to us;

• pending and future litigation;

• pending and future federal, state, local and foreign legislation, executive action, regulation, supervisory guidance and regulatory and legal actions including, but not limited to, those related to financial regulatory reform and consumer financial services practices, as well as any such actions that would place limits on credit card interest rates or late fees, interchange fees or other charges;

• increases in regulatory capital requirements or other support for our Banks;

• failures, or breaches in our operational or security systems, including as a result of cyberattacks, unanticipated impacts from technology modernization projects, failure of our information security controls or otherwise;

• loss of consumer information or other data due to compromised physical or cyber security, including disruptive attacks from financially motivated bad actors and third-party supply chain issues;

Table of Contents

• any liability or other adverse impacts arising out of or related to the spinoff of our former LoyaltyOne segment or the bankruptcy filings of Loyalty Ventures Inc. (LVI) and certain of its subsidiaries, including the pending litigation against us in connection with the spinoff; and

• those factors discussed in Item 1A of this Form 10-K, elsewhere in this Form 10-K and in the documents incorporated by reference in this Form 10-K.

If one or more of these or other risks or uncertainties materialize, or if our underlying assumptions prove to be incorrect, actual results may vary materially from what we projected.

Any forward-looking statements contained in this Form 10-K speak only as of the date made, and we undertake no obligation, other than as required by applicable law, to update or revise any forward-looking statements, whether as a result of new information, subsequent events, anticipated or unanticipated circumstances or otherwise.

Tabl e of Contents

PART I

Item 1.    Business.

We are a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel and entertainment, health and beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers.

We have continued to diversify our product mix with our brand partners through growth of our co-brand credit card programs, which, relative to our private label credit card programs, have higher credit sales per account and an improved credit risk mix that generally results in higher transactor balances, lower delinquencies and late fees, as well as lower losses. We also offer our proprietary credit cards along with the expansion of our Bread Pay products, which are our installment loans and “split-pay” offerings.

Our partner base consists of large consumer-based businesses, including well-known brands such as (alphabetically) AAA, Academy Sports + Outdoors, Caesars, Dell Technologies, Hard Rock International, the NFL, Raymour & Flanigan, Saks Fifth Avenue, Signet, Ulta and Victoria’s Secret, as well as small- and medium-sized businesses (SMBs). Our partner base is well diversified across a broad range of industries and retail verticals, including travel and entertainment, specialty apparel, health and beauty, jewelry, sporting goods, technology and electronics, as well as home and furniture. We believe our comprehensive suite of payment, lending and saving solutions, along with our related marketing and data and analytics, offers us a significant competitive advantage with products relevant across all customer segments (Gen Z, Millennial, Gen X and Baby Boomers). The breadth and quality of our product and service offerings, coupled with our customer-centric approach, have enabled us to establish and maintain long-standing partner relationships. We operate our business through a single reportable segment, with our primary source of revenue being from Interest and fees on loans from our various credit card and other loan products, and to a lesser extent from contractual relationships with our brand partners.

With our range of offerings, we provide relevant products across consumer segments, including Gen Z and Millennials who are more likely to be drawn to cash flow management products such as our pay-over-time installment loans and “split-pay” offerings as compared to Gen X and Baby Boomers, while Gen X and Baby Boomers generally gravitate more toward rewards and the convenience of a co-brand or private label credit card. In addition, we continue to scale and optimize our direct-to-consumer lending, payment and saving products for new and existing customers, including through our proprietary credit cards and Bread Savings products. We also continue to diversify and optimize our loan portfolio, prioritizing our investment in strong and profitable partners, industries and affinity brands, while continuing to develop our Bread Pay products, which are our installment loans and “split-pay” offerings, and exploring various strategic business opportunities adjacent to our core co-brand and private label credit card business (business adjacencies) in an evolving payments, macroeconomic and regulatory environment. As of December 31, 2025, we had $18.8 billion in Credit card and other loans from approximately 34 million open and outstanding accounts, with an average balance for the year ended December 31, 2025 of $1,047 for accounts with outstanding balances.

Our Primary Product Offerings

Our primary product offerings consist of our: (i) co-brand and private label credit card programs with retailers and other brand partners; (ii) direct-to-consumer (DTC), proprietary general purpose credit cards; (iii) Bread Pay products; and (iv) Bread Savings products. These product offerings are not exclusive, and, where appropriate, we seek to introduce partners and customers to our other product offerings.

Co-Brand and Private Label Credit Card Lending

Our core business is working with many of the country’s best-known brands and retailers (who we call our partners or brand partners) to drive sales and loyalty through their co-brand and private label credit card programs. In these programs, we (through our Banks) are the credit card issuer and lender to our partners’ customers, and we also service the loans and provide a variety of other related services, which are described in more detail below. Our co-brand and private label partner base, with nearly 100 brands and numerous online merchants, consists of many large consumer-based businesses, including well-known brands such as (alphabetically) AAA, Academy Sports + Outdoors, Caesars, Dell Technologies, Hard Rock International, the NFL, Raymour & Flanigan, Saks Fifth Avenue, Signet, Ulta and Victoria’s Secret. Our partners benefit from our customer insights and analytics, with each of our branded credit card programs tailored to our partner’s brand and

Tabl e of Contents

their unique customers. Our co-brand and private label program agreements with our brand partners are generally long-term, exclusive contracts, with terms typically ranging from 5 to 10 years.

Our co-brand credit cards are general purpose credit cards that can be used to purchase goods and services from the applicable partner, as well as any other retailers wherever cards from the named card network (American Express, MasterCard or Visa) are accepted. Credit extended under our co-brand credit cards is typically on standard terms only. Charges made using a co-brand credit card, particularly charges made outside of the co-brand partner, generate interchange revenue for us. Relative to our private label loan portfolio, our co-brand loan portfolio generally has lower revenue yields. In addition, our co-brand customers generally have higher credit scores and therefore higher credit lines, with the majority of our co-brand customers having a Vantage score in excess of 660. Our average outstanding co-brand credit card account balance for the year ended December 31, 2025 was $1,821. For the year ended December 31, 2025, customer spending on our co-brand credit cards comprised approximately 52% of our credit sales, which we believe enables us to capture incremental and non-discretionary purchases as consumer spending patterns shift in response to evolving economic conditions.

Private label credit cards are partner-branded credit cards used by consumers exclusively for the purchase of goods and services from that particular partner. Credit under a private label credit card typically is extended either on standard terms, which means accounts are assessed periodic interest charges using an agreed non-promotional fixed and/or variable interest rate, or pursuant to a promotional financing offer, involving deferred interest, reduced interest or no interest during a set promotional period (typically between six and 60 months). We typically do not charge interchange or other fees to our partners when customers use our private label credit cards to purchase our partners’ goods and services. For the year ended December 31, 2025, customer spending on our private label credit cards comprised approximately 43% of our credit sales. Private label credit card loan balances are typically smaller, with an average outstanding account balance for the year ended December 31, 2025 of $775; although, we do offer “big ticket” purchase financing and financing for medical and dental procedures with certain private label brand partners, which often involve larger amounts. Relative to our co-brand loan portfolio, our private label loan portfolio generally has higher revenue yields. In addition, our private label customers generally have lower credit scores and therefore lower credit lines, and are generally more likely to be delinquent in their payments, have accounts with higher annual percentage rates (APRs) and have more late fees assessed.

We offer deferred interest rate, as well as low or no interest rate promotional financing to customers in certain of our brand partner programs; in some of these programs, we charge an initial fee to customers entering into promotional plan financing arrangements. In both our co-brand and private label partner relationships, we receive a merchant discount fee from our partners to compensate us for all or part of the forgone interest income associated with promotional financing. The terms of these promotions vary by partner, but generally the longer the deferred interest, reduced interest or interest-free period, the greater the partner’s merchant discount fee. Some offers permit customers to pay for a purchase in equal monthly payments with no interest or at a reduced interest rate over a specified period of time, rather than deferring or delaying interest charges. Our credit card program agreements may also provide for royalty payments, or retailer share arrangements, to our brand partners based on purchase volume or if certain contractual incentives are met, such as if the economic performance of the program exceeds a contractually defined threshold, or for new accounts acquired. These amounts are recorded as a reduction of revenue in the period incurred.

In addition to the retailer share arrangements, our program agreements typically provide that the parties will develop a marketing plan to support the program, along with the terms by which a joint marketing budget is funded. Marketing costs for which we are responsible under the plan are expensed as incurred. Our program agreements also typically provide that the parties will develop the terms of the rewards program linked to the use of our product, such as opportunities to receive double rewards points for purchases made on a product, along with the allocation of costs between the parties related to the rewards program. The credit card programs we operate typically provide rewards points, which are redeemable for a variety of products or awards, or merchandise discounts earned by the customer having achieved a preset spending level. Other programs may include cash back rewards or statement credits. The rewards can be mailed to the cardholder, accessed digitally, or may be immediately redeemable at the partner’s retail location. Costs of cardholder rewards arrangements are recognized when the rewards are earned by the cardholders and are generally recorded as a reduction of revenue.

As a general matter, the financial terms and conditions governing our co-brand and private label credit card products vary by program and product type and may change over time; although, we seek to standardize the non-financial provisions consistently across all products to the extent possible. The terms and conditions of all of our credit card products are governed by a cardholder agreement and applicable laws and regulations. We assign each credit card account a credit limit when the account is initially opened by the customer. Thereafter, we may increase or decrease individual credit limits from time to time, at our sole discretion, based primarily on our evaluation of the customer’s creditworthiness and ability to pay.

Tabl e of Contents

For the vast majority of accounts, periodic interest charges are calculated using the daily balance method, which results in daily compounding of periodic interest charges. Cash advances are not subject to an interest grace period, and for some credit card programs we do not provide an interest grace period for promotional purchases. In addition to periodic interest charges, we may impose other charges and fees on credit card accounts, including, as applicable and provided in the cardholder agreement, late fees where a customer has not paid at least the minimum payment due by the required due date, as well as paper statement fees, which we charge on certain credit card accounts receiving monthly paper statements for certain of our brand partner programs. Typically, each customer with an outstanding amount due on his or her credit card account must make a minimum payment each month; a customer may pay the total amount due at any time without penalty. We also may enter into arrangements with delinquent customers to modify their payments and/or waive or reduce interest charges and/or fees; we do not offer programs involving the forgiveness of principal. We make it easier for customers to make payments by offering recurring automatic payment functionality, as well as other electronic payment methods on all cardholder accounts.

Our program agreements generally permit termination in various circumstances, including a breach of the agreement or in the event the brand partner becomes insolvent, files bankruptcy, undergoes a change in ownership or has a material adverse change in financial condition. Certain of our program agreements also provide that upon termination, the brand partner has either the option or the obligation to purchase the loans generated with respect to its program. Correspondingly, in certain cases when we acquire a new brand partner, we purchase its existing credit card loan portfolio, if any, from either the brand partner or the operator of its prior card program.

Direct-to-Consumer Credit Cards

Our DTC, proprietary general purpose credit cards consist of our Bread Cashback American Express Credit Card and our Bread Rewards American Express Credit Card. Our DTC credit cards are an important component of our overall product offerings and allow us to capture incremental, often non-discretionary spend and build and retain customer relationships. As a DTC product, our proprietary credit cards are not dependent upon the performance of our brand partners or impacted by any partner revenue-sharing obligations. We believe that our DTC credit cards will continue to increase our total addressable market, including within the Millennial and Gen Z customer segments. Our Bread Cashback American Express Credit Card offers unlimited 2% cashback, no annual fee, no foreign transaction fees, premium protection benefits, American Express lifestyle benefits, and instant mobile acquisition and web-to-wallet provisioning for use anywhere ApplePay is accepted. Our Bread Rewards American Express Credit Card offers 3% rewards points on gas station, grocery store, dining and utility purchases, among other benefits, as well as instant mobile acquisition and web-to-wallet provisioning for use anywhere ApplePay is accepted. We currently issue our DTC credit cards on the American Express network. Our average outstanding DTC credit card account balance for the year ended December 31, 2025 was $2,295.

Bread Pay

Bread Pay is our payment technology solution for our pay-over-time products, which includes both our installment loan and “split-pay” offerings, as described in more detail below. Through Bread Pay, we offer an omnichannel solution for more than 1,400 SMB retailers and merchants, and we continue to explore and pursue growth opportunities in various business adjacencies, including through the integration of our suite of Bread Pay products into third-party platforms to gain efficient distribution of our lending solutions.

Our Bread Pay offerings and on-boarding capabilities enhance our growth prospects across the industries in which we lend and increase the addressable market of our Bread Pay partners. Bread Pay also offers our existing co-brand and private label credit card partners a broader digital product suite and additional white-label product solutions for those customers preferring a non-revolving loan with fixed repayment terms such as our installment loan and “split-pay” offerings. We offer a flexible platform and robust suite of application programming interfaces (APIs) that allow merchants and partners to seamlessly integrate online point-of-sale financing and other digital payment products.

Our Bread Pay installment loans are fixed extensions of credit where the customer pays down the outstanding balance in monthly installments, primarily over a 3 to 84 month period. The terms and conditions of all of our installment loan products are governed by a customer agreement and applicable laws and regulations. Installment loans are generally assessed interest charges over the term of the loan using fixed interest rates. In addition to periodic interest charges, for certain of our installment loans, we may impose other charges and fees, including late fees, as set forth in the applicable customer agreement. Most of our installment loans are offered through contractual agreements with our Bread Pay partners and may include additional fees paid by the partner, particularly where the installment loan carries a below-market interest rate.

Tabl e of Contents

Our Bread Pay “split-pay” loans are short-term, interest-free financing, to be repaid by the customer in four equal installments, with the first payment due at the time of purchase and the remaining three payments due in subsequent two-week intervals. The terms and conditions of all of our split-pay loan products are governed by a customer agreement and applicable laws and regulations. For certain of our “split pay” loans, we may impose other charges and fees, including late fees, as set forth in the applicable customer agreement.

Bread Savings

Bread Savings refers to our DTC, or retail, deposit products, primarily in the form of certificates of deposit and high-yield savings accounts, including traditional and Roth Individual Retirement Accounts. Our Bread Savings products support loan growth and improve our funding mix diversification. In recent years, retail deposits have become an increasingly important source of funds for us, growing 11% from $7.7 billion as of December 31, 2024 to $8.5 billion as of December 31, 2025. As of December 31, 2025, average retail deposits represented 48% of our total funding sources, which is comprised of retail and wholesale deposits, and secured and unsecured borrowings. As of that same date, retail deposits that exceeded applicable Federal Deposit Insurance Corporation (FDIC) insurance limits, which are generally $250,000 per depositor, per insured bank, per ownership category, were estimated to be $638 million, or 5% of Total deposits. The measurement of estimated uninsured deposits aligns with regulatory guidelines.

Our online Bread Savings platform is scalable, allowing us to expand without having to rely on a traditional “brick and mortar” branch network. We continue to focus on growing our Bread Savings operations and believe we are well-positioned to continue to benefit from the consumer-driven shift from branch banking to direct banking. We seek to differentiate our deposit product offerings from our competitors on the basis of rates we pay on deposits, the quality of our customer service and the competitiveness of our digital banking capabilities.

Services Supporting our Primary Product Offerings

Our primary product offerings, as described above, are supported and enhanced by numerous services and capabilities that we provide, including: (i) risk management, underwriting and funding services; (ii) credit card and other loan processing and servicing; (iii) fraud prevention; (iv) marketing, and data and analytics; and (v) our digital and mobile capabilities.

Risk Management, Underwriting and Funding Services. We provide risk management solutions, underwriting and funding services for our co-brand, private label, and DTC credit card programs, as well as our Bread Pay partnerships.

We process millions of credit card applications each year using internal algorithms, external credit bureau data and automated proprietary scoring technology to make responsible risk-based underwriting decisions when approving new accounts and establishing credit limits. Credit quality is monitored on a regular and consistent basis. This information helps us adjust our strategies when required to better evaluate individual credit risk. We continue to enhance our credit risk management by evaluating and investing in new technology and advancing our data and modeling capabilities, including through the potential use of deep learning and AI tools. Doing so allows us to navigate changing macroeconomic conditions and stay within our well-established risk appetite.

Credit Card and Other Loan Processing and Servicing . We manage and service the accounts we originate for our co-brand and private label credit card programs, as well as our DTC credit cards and Bread Pay products. Since 2022, Fiserv, a leading global provider of outsourced payments and financial services technology solutions, has provided our core credit card processing services, which has helped us enable improved speed to market, including the ability to quickly and seamlessly add new products and capabilities that benefit our partners and cardholders. It has also strengthened our ability to ensure we are operating on a compliant core platform, and enables efficient integration of digital technology, while supporting our data and analytics capabilities and improving operational efficiencies. See also “—Technology/Systems” below for additional information regarding our approach toward the systems and technologies we use in the operation of our business.

Our customer care operations are influenced by our retail heritage, and we view every customer touch point as an opportunity to provide an exceptional experience. Our customer care operations offer omnichannel servicing, including through phone, mail, email, text, smartphone application and the web. We blend domestic and off-shore locations as an important part of our servicing strategy, to maintain service availability beyond typical work hours in the United States and to optimize our cost structure. We provide focused training programs in all areas, and have developed an AI powered knowledge management solution for our customer care associates, in order to achieve the highest possible customer service standards and customer experience. We monitor our performance by conducting surveys with our partners and our

Tabl e of Contents

customers and in our 2025 survey, conducted by Medallia, Inc., we have received a Net Promoter Score of 54.5; survey results above 50 are considered excellent or superior by industry standards. In addition, in 2025 for the twentieth consecutive time, we were certified by BenchmarkPortal as a Center of Excellence for the quality of our operations, the most prestigious customer care industry ranking attainable. Founded by Purdue University in 1995, BenchmarkPortal is a global leader of best practices for customer care centers.

Our efforts to collect on delinquent accounts are made first by our collection department. After an account becomes 30 days past due, a proprietary collection scoring algorithm automatically scores the risk of the account becoming further delinquent; based upon the level of risk indicated, a collection strategy is deployed, which may include tech-enabled, targeted collections strategies to engage with cardholders in the most efficient communication channel. If after exhausting all in-house collection efforts we are unable to collect on the account, we may engage collection agencies or outside attorneys to continue those efforts, or sell the charged-off balances.

Fraud Prevention. We monitor our customers’ accounts to help prevent, detect, investigate and resolve fraud across the various products we offer. We employ a variety of fraud mitigation controls during the lifecycle of accounts, including capabilities related to account acquisition, transaction processing and account management. We use proprietary custom fraud models developed by our data scientists, together with externally-sourced scores and solutions used across the industry, to seek to identify fraud and protect our stakeholders, including our customers and brand partners. We leverage device intelligence technology to risk-assess digital applications and online servicing channels, and we subject monetary transactions to authorization and approval scrutiny through a variety of techniques designed to help identify and halt fraudulent transactions, including machine-learning models, rules-based decision-making logic, report analysis, data integrity checks and manual account reviews. We have a cross-functional team of risk, fraud and security professionals that regularly evaluate and enhance our fraud-prevention capabilities and monitor emerging industry trends and solutions.

Marketing, and Data and Analytics . Through our integrated marketing programs and campaigns, we design and implement strategies that assist our partners in acquiring, retaining and expanding customer engagement to drive a more loyal, frequent shopper that increases customer lifetime value. Our programs capture transaction data that we analyze to better understand consumer behavior, which we use to increase the effectiveness of both our and our partners’ marketing activities. Through our marketing technology, data and analytics capabilities, including the use of machine learning and AI technology, we focus on data insights that drive actionable strategies and enhance revenue growth and customer retention. We use multi-channel marketing platforms and capabilities, including in-store, web, permission-based email, permission-based mobile messaging and direct mail to engage customers in the channels of their choice.

Digital and Mobile Capabilities . We are constantly seeking to improve our digital and mobile capabilities, in order to support and enhance our product offerings, drive growth for our brand partners and improve the customer experience. We seek to provide a seamless, personalized digital and mobile experience that is responsive to our customers’ evolving expectations. Recent improvements to our digital and mobile capabilities include API enhancements, enriched software development kits, virtual card commercialization, and our enhanced, fully integrated Bread Financial mobile app. We are continually seeking to enhance customers’ self-service capabilities in our digital channels, which allow customers to address their needs when and how they want, while also generating efficiencies by reducing the cost to serve our customers.

In addition, through our Enhanced Digital Suite, a group of marketing and credit application features, we help our brand partners capitalize on online trends by bringing through more qualified applicants, a higher credit sales conversion rate and a higher average purchase value. Enhanced Digital Suite includes a unified software development kit that provides access to our broad suite of products; it also promotes credit payment options, relevant to the customer, earlier in the shopping experience. The credit application is simple and easy, offers prefilled fields and prescreens customers in real-time, allowing for immediate credit approval without leaving the brand partner’s site, thereby improving the customer’s shopping experience and our brand partner’s checkout conversion rate. Across all product offerings, we remain focused on creating an exceptional digital and mobile experience for our customers, which we believe improves our competitive position and drives future growth.

For additional information relating to our business, business strategy and products and services, see “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations – Business Environment.”

Tabl e of Contents

Technology/Systems

We leverage information and technology to help achieve our business objectives and to develop and deliver products and services that satisfy our brand partners’ and customers’ needs, all while seeking to enhance our governance and control over the availability, quality and security of our data.

A key part of our strategic focus is the development and use of resilient, efficient and flexible computer and operational systems to deliver growth for our brand partners, support sophisticated marketing and account management strategies, service our customers, and develop and scale new and diversified products. We believe the continued development and integration of these systems is an important part of our efforts to reduce costs, improve quality and security, and provide faster, more flexible technology services. Consequently, we continuously review capabilities and develop or acquire systems, processes and competencies to meet our unique business requirements, including strategic investments in cloud capabilities, machine learning and AI, emerging technologies and automation, and data analytics.

As part of our continuous efforts to review and improve our technologies, we may either develop such capabilities internally or use third-party service providers who have the ability to deliver technology that is of higher quality, lower cost, or both. Specifically, we rely on third parties to help us deliver systems and operational infrastructure, these relationships include (but are not limited to): Amazon Web Services and Microsoft for our cloud infrastructure, and Fiserv for our credit card processing services, as previously reported.

We are committed to safeguarding our customers’ and our own information and technology, implementing backup and recovery systems, and generally require the same of our third-party service providers. We take measures that are designed to mitigate against known attacks and use internal and external resources to scan for vulnerabilities in the platforms, systems, and applications necessary for delivering our products and services. We cannot guarantee, however, that our cybersecurity risk management program and processes, or those of our third-party service providers, including our policies, controls or procedures, will be fully implemented, adhered to, or effective in protecting both our customers’ and our own information and technology from cyberattacks. For a discussion of the risks associated with our use of technology systems, see “Part I—Item 1A. Risk Factors” under the heading “Cybersecurity, Technology and Vendor Risks.”

Disaster and Contingency Planning

We operate, either internally or through third-party service providers, multiple data processing centers to store and otherwise process our customer transaction data. Given the significant amount of data that we or our third-party service providers manage, much of which is real-time data to support our partners’ commerce initiatives, we have established redundant capabilities for our data centers. We have a number of safeguards in place that are designed to protect us from data-related risks and in the event of a disaster, to restore our data centers’ systems. For additional information, see “Item 1A. Risk Factors – Risk Management – Operational Risk.”

Protection of Intellectual Property and Other Proprietary Rights

We rely on a combination of patents, copyrights, trademarks, and trade secrets (and corresponding laws relating to such intellectual property), confidentiality procedures, contractual provisions, and other similar measures to protect our technology and proprietary information used in our business. We generally enter into confidentiality agreements with our employees, consultants and third-party business partners to protect our proprietary information. We control access to and distribution of our technology and its related documentation and other proprietary information through licenses and contractual restrictions. Despite our efforts to protect our technology and proprietary rights, unauthorized parties may attempt to copy or otherwise obtain the use of our technology that we consider proprietary, and third parties may attempt to develop similar technology independently. We have a number of domestic and foreign patents and pending patent applications. We pursue protection of our trademarks through registration, primarily in the United States, although we also have either registered trademarks or applications pending for certain marks in other countries. We maintain a trade secret program for certain proprietary intellectual property for which we choose not to seek patent or copyright protection. No individual patent, copyright, or trademark is material to us or our business.

Competition

The markets for our products and services are highly competitive, continuously changing, highly innovative, and subject to regulatory scrutiny and oversight. We compete with a wide range of businesses, including major financial institutions and financial technology firms, or fintechs. Some of our current and potential competitors may be larger than we are, have

Tabl e of Contents

larger customer bases, greater brand recognition, longer operating histories, a dominant or more secure position, broader geographic scope, volume, scale, resources, and market share than we do, or offer products and services that we do not offer. Other competitors may be smaller or younger companies that are more agile in responding quickly to regulatory and technological changes. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, emerging competitors, business alliances, shifting consumer habits and user needs, price sensitivity on the part of merchants and consumers, and frequent introductions of new products and services. The consumer credit and payments industry is highly competitive and we face an increasingly dynamic industry as emerging technologies enter the marketplace.

In competing to acquire and retain the business of brand partners and customers, our primary competition is with other financial institutions whose marketing focus has been on developing credit card programs with attractive value propositions, high spend and consequentially large revolving balances. These competitors further drive their businesses by cross-selling their other financial products to their cardholders. We also compete for brand partners, including on program financial and other terms, underwriting standards and capabilities, marketing expertise, service levels, the breadth of our product and service offerings, digital, technological and integration capabilities, brand recognition and reputation. We focus on retailers and brand partners that understand the competitive advantage of building a loyal customer base. We have a long history of effectively analyzing transaction data we obtain through partner loyalty programs and managing our lending programs, including customer specific transaction data and overall consumer spending patterns, to develop and implement successful marketing strategies for our partners.

As a form of payment, our customers have numerous consumer credit and other payment options available to them, and our products compete with cash, checks, electronic bank transfers, debit cards, general purpose credit cards (including those on the Visa, MasterCard, American Express and Discover Card networks), various forms of consumer installment loans and split-pay products, other private label credit card brands, prepaid cards, digital wallets and mobile payment solutions, and other tools that simplify and personalize shopping experiences for consumers and merchants. Among other factors, our products compete with these other forms of payment on the basis of interest rates and fees, credit limits, reward programs and other product features. As the payments industry continues to evolve, in the future we expect increasing competition from new and non-traditional competitors, such as fintechs, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce (in which autonomous AI agents initiate and execute transactions on behalf of users), digital payment platforms and currencies, including stablecoins, and other alternative payment and deposit solutions. For example, in July 2025, President Trump signed the Guiding and Establishing National Innovation for U.S. Stablecoins Act, or the “GENIUS Act,” into law, establishing a federal licensing and supervisory framework for payment stablecoins and their issuers. The GENIUS Act may accelerate and increase the competition that non-traditional financial institutions pose to banks’ payment services, as well as adverse impacts to our deposit business and the value proposition of our customer loyalty and rewards programs. To the extent the use of stablecoins matures, stablecoins could achieve broad adoption through regulated issuance by traditional banks, fintechs and other market entrants, as well as being integrated in closed loop systems operated by large digital ecosystems and platforms. Moreover, some of our competitors, including new and emerging competitors in the digital and mobile payments space, are not subject to the same regulatory requirements or legislative scrutiny to which we are, which could place us at a competitive disadvantage.

In our retail deposits business, we have acquisition and servicing capabilities similar to other direct-banking competitors. We compete for deposits with traditional banks, and in seeking to grow our Bread Savings platform, we compete with other banks that have direct-banking models similar to ours. Competition among direct banks is intense because online banking provides customers the ability to quickly and easily deposit and withdraw funds, and open and close accounts in favor of products and services offered by competitors. As noted above, to the extent the use of stablecoins matures, stablecoins may also serve as an alternative to traditional deposits.

Supervision and Regulation

We operate primarily through our insured depository institution subsidiaries, Comenity Bank (CB) and Comenity Capital Bank (CCB), which, as noted above, together are referred to herein as the “Banks.” Federal and state laws and regulations extensively regulate the operations of the Banks. This regulatory framework is intended to protect individual consumers, depositors, the Deposit Insurance Fund (DIF) of the FDIC and the U.S. banking system as a whole, rather than for the protection of stockholders and creditors. Set forth below is a summary of the significant laws and regulations applicable to each of CB and CCB. The description that follows is qualified in its entirety by reference to the full text of the statutes, regulations, and supervisory policies that are described. Such statutes, regulations, and supervisory policies are subject to ongoing review by Congress, state legislatures, and federal and state regulatory agencies. A change in any of the statutes,

Tabl e of Contents

regulations, or supervisory policies applicable to CB and/or CCB, or in the leadership or direction of our regulators, could have a material effect on our operations or financial condition. Further, while the current Presidential Administration and the congressional majorities in the U.S. Senate and House of Representatives support a reduced regulatory burden, the scope of regulation and the intensity of supervision will likely remain uncertain even in the current regulatory and political environments.

CB is a Delaware-chartered bank operating as a credit card bank under a Competitive Equality Banking Act (CEBA) exemption from the definition of “bank” under the Bank Holding Company Act (BHC Act). To maintain its status as a CEBA credit card bank, CB must continue to comply with the following requirements:

• engage only in credit card operations;

• do not accept demand deposits or deposits that the depositor may withdraw by check or similar means for payment to third parties;

• do not accept any savings or time deposits of less than $100,000, except for deposits pledged as collateral for its extensions of credit;

• maintain only one office that accepts deposits; and

• do not engage in the business of making commercial loans (except credit card loans to certain small businesses).

CB is subject to prudential regulation, supervision and examination by the Delaware Office of the State Bank Commissioner, as its chartering authority, and the FDIC as its primary federal regulator. CB’s deposits are insured by the FDIC up to the applicable deposit insurance limits in accordance with applicable law and FDIC regulations. CB is not a member of the Federal Reserve System.

CCB is a Utah-chartered industrial bank. As an industrial bank, CCB is exempt from the definition of “bank” under the BHC Act. CCB is subject to prudential regulation, supervision and examination by the Utah Department of Financial Institutions (UDFI), as its chartering authority, and the FDIC as its primary federal regulator. CCB’s deposits are insured by the FDIC up to the applicable deposit insurance limits in accordance with applicable law and FDIC regulations. CCB is not a member of the Federal Reserve System.

Planned Merger of CB with and into CCB

On December 17, 2025, we filed applications with the federal and respective state banking regulators for permission to merge CB with and into CCB, with CCB being the surviving entity. Pending regulatory approval and the expiration of any applicable waiting periods, the merger of CB and CCB is expected to occur in the second half of 2026. The proposed merger is designed to streamline and reduce the regulatory complexity of our banking operations and is expected to result in a number of operational and financial benefits, including a simplified regulatory framework, improved access to the retail deposit funding market, greater flexibility in managing our securitization activities, and other liquidity and capital risk management benefits. The merger is not expected to have a significant impact on our consolidated financial position, results of operations, or liquidity. Assuming the merger is consummated, the resulting bank, CCB, would remain headquartered in Draper, Utah, and would have total assets of approximately $21.4 billion, total deposits of approximately $14.1 billion, and Tier I capital of $2.8 billion, in each case as of December 31, 2025, on a pro forma basis. The resulting bank would be a Utah-chartered industrial bank that is not a member of the Federal Reserve System. We cannot provide any assurance that the merger will be approved, or that we will be successful in realizing the expected operational and financial benefits of the merger.

Consumer Financial Protection Bureau Supervision

The Consumer Financial Protection Bureau (CFPB) promulgates regulations for the federal consumer financial protection laws and supervises and examines large banks (those with more than $10 billion of total assets) with respect to those laws. Banks in a multi-bank organization, such as CB and CCB, are subject to supervision and examination by the CFPB with respect to the federal consumer financial protection laws if at least one bank reports total assets over $10 billion for four consecutive quarters, which CCB has, and thus both Banks are subject to supervision and examination by the CFPB with respect to federal consumer protection laws.

Regulation of Bread Financial Holdings, Inc.

Because neither CB nor CCB is considered a “bank” within the meaning of the BHC Act, the Parent Company is not a bank holding company (BHC) subject to regulation thereunder. If any of our entities became subject to regulation as a

Tabl e of Contents

BHC, among other things, BFH and our non-bank subsidiaries would be subject to regulation, supervision and examination by the Board of Governors of the Federal Reserve System (Federal Reserve Board or FRB) and our operations would be limited to activities that are closely related to banking. If the Parent Company were to qualify as a financial holding company (FHC), operations could include those activities that are financial in nature. However, under Section 616 of the Dodd-Frank Act, any company that directly or indirectly controls an insured depository institution is required to serve as a source of financial strength to its subsidiary institution and may not conduct its operations in an unsafe or unsound manner. This doctrine is commonly known as the “Source of Strength” doctrine. As such a company, this means that BFH must stand ready to use available resources to provide adequate capital funds to the Banks during periods of financial stress or adversity and should maintain the financial flexibility and capital-raising capacity to obtain additional funding resources to support the Banks. This support may be required at times when BFH might otherwise have determined not to provide it or when doing so is not otherwise in the interests of BFH or its stockholders or creditors. BFH’s failure to meet its obligation to serve as a source of strength to the Banks may be considered an unsafe and unsound banking practice. In that regard, although the Parent Company is not a BHC, we seek to maintain capital levels and ratios in excess of the minimums required for a BHC.

Separately, under Utah state law the Parent Company is subject to examination by the UDFI. Under that statutory authority, the UDFI subjects the Parent Company to periodic inspections to determine the degree to which it serves as source of financial and managerial strength to CCB, and to understand the business activities conducted outside CCB.

Regulation of the Banks

Federal and state banking laws and regulations govern, among other things, the scope of a bank’s business, the investments a bank may make, the reserves against deposits a bank must maintain, the loans a bank makes and collateral it takes, the activities of a bank with respect to mergers and acquisitions, management practices, and numerous other aspects of our operations.

Examinations by regulators consider not only compliance with applicable laws, regulations, and supervisory policies of the agency, but also capital levels, asset quality, risk management effectiveness, the ability and performance of management and the board of directors, the effectiveness of internal controls, earnings, liquidity, and various other factors. Following examinations by its bank regulators, the Banks receive supervisory findings and ultimately are assigned supervisory ratings. Examination reports, supervisory ratings, and other actions under this supervisory framework, which are considered confidential supervisory information, can impact the conduct, growth, and profitability of our operations, possibly to a significant degree.

Regulatory Capital Requirements

The Banks are subject to certain risk-based capital and leverage ratio requirements under the Basel Committee on Banking Supervision standardized approach for U.S. banking organizations adopted by the FDIC. These rules implement the Basel III international regulatory capital standards in the United States, as well as certain provisions of the Dodd-Frank Act. These quantitative calculations are minimums, and the FDIC may determine that a bank, based on size, complexity, or risk profile, must maintain a higher level of capital to operate in a safe and sound manner.

Under the Basel III capital rules, the Banks’ assets, exposures, and certain off-balance sheet items are subject to risk weights used to determine CB’s and CCB’s risk-weighted assets, which then are used to determine the minimum capital that CB and CCB should keep as reserves to reduce the risk of insolvency. These risk-weighted assets are used to calculate the following minimum capital ratios for the Banks:

• Common Equity Tier 1 (CET1) Risk-Based Capital Ratio – the ratio of CET1 capital to risk-weighted assets. In the calculation of CET1 capital, we follow the Basel III Standardized Approach. CET1 capital primarily includes common stockholders’ equity subject to certain regulatory adjustments and deductions, including for goodwill and intangible assets, net, certain deferred tax assets, and accumulated other comprehensive income or loss.

• Tier 1 Risk-Based Capital Ratio – the ratio of Tier 1 capital to risk-weighted assets. In the calculation of Tier 1 capital, we follow the Basel III Standardized Approach. Tier 1 capital is primarily comprised of CET1 capital, perpetual preferred stock, and certain qualifying capital instruments. For us, until the fourth quarter of 2025 when we completed our first issuance of perpetual preferred stock, this ratio was the same as the CET1 Risk-Based Capital Ratio because we did not have any perpetual preferred stock or other qualifying capital instruments that would adjust the ratio.

Tabl e of Contents

• Total Risk-Based Capital Ratio – the ratio of total capital, including CET1 capital, Tier 1 capital, and Tier 2 capital, to risk-weighted assets. In the calculation of total capital, we follow the Basel III Standardized Approach. Tier 2 capital primarily includes qualifying subordinated debt and qualifying allowance for credit losses.

The Banks are also subject to the requirements of a fourth ratio, the Leverage ratio, which itself does not incorporate risk-weighted assets:

• Tier 1 Leverage Ratio – the ratio of Tier 1 capital to quarterly average assets (net of goodwill, certain other intangible assets, and certain other deductions).

The Basel III capital rules require a minimum CET1 Risk-Based Capital Ratio of 4.5%, a minimum Tier 1 Risk-Based Capital Ratio of 6.0%, and a minimum Total Risk-Based Capital Ratio of 8.0%. In addition to meeting the minimum capital requirements, under the Basel III capital rules, the Banks must also maintain the required 2.5% Capital Conservation Buffer to avoid becoming subject to restrictions on capital distributions and certain discretionary bonus payments to executive management. The Capital Conservation Buffer is calculated as a ratio of CET1 capital to risk-weighted assets, and it essentially increases the required minimum risk-based capital ratios. As a result, the Banks must maintain a CET1 Risk-Based Capital Ratio of at least 7%, a Tier 1 Risk-Based Capital Ratio of at least 8.5% and a Total Risk-Based Capital Ratio of at least 10.5% to avoid being subject to the noted restrictions. The Tier 1 Leverage Ratio is not impacted by the Capital Conservation Buffer; the required minimum Tier 1 Leverage Ratio for all banks and BHCs is 4%.

A bank, however, may be considered well-capitalized while remaining out of compliance with the Capital Conservation Buffer. To be considered well-capitalized, the Banks must maintain the following capital ratios which are in excess of the minimums described above:

• CET1 Risk-Based Capital Ratio of 6.5% or greater;

• Tier 1 Risk-Based Capital Ratio of 8.0% or greater;

• Total Risk-Based Capital Ratio of 10.0% or greater; and

• Tier 1 Leverage Ratio of 5.0% or greater.

Failure to be well-capitalized or to meet minimum capital requirements could result in certain mandatory and possible additional discretionary actions by regulators that, if undertaken, could have a material adverse effect on our operations or financial condition. Failure to be well-capitalized or to meet minimum capital requirements could also result in restrictions on the Banks’ ability to pay dividends or otherwise distribute capital or to receive regulatory approval of applications. The Banks seek to maintain capital levels and ratios in excess of the minimum regulatory requirements inclusive of the 2.5% Capital Conservation Buffer. As of December 31, 2025, the Banks’ regulatory capital ratios were above the well-capitalized standards, inclusive of the Capital Conservation Buffer.

Dividends

Bread Financial Holdings, Inc. is a legal entity separate and distinct from the Banks. Declaration and payment of cash dividends on, or repurchases of, our equity securities depends upon cash dividend payments to Bread Financial Holdings, Inc. by the Banks, which are our primary source of revenue and cash flow. As state-chartered banks, under Delaware or Utah law, as applicable, the Banks are subject to regulatory restrictions on the payment and amounts of dividends. Further, the ability of the Banks to pay dividends to Bread Financial Holdings, Inc. is also subject to their profitability, financial condition, capital expenditures and other cash flow requirements, and any such dividends are also subject to the approval of the Board of Directors of the applicable Bank. No assurances can be given that the Banks will, in any circumstances, pay dividends to Bread Financial Holdings, Inc.

The payment of dividends by the Banks and Bread Financial Holdings, Inc. and any repurchases of our equity securities may also be affected by other factors, such as the requirement to maintain adequate capital above regulatory requirements. The Federal Banking Agencies, being the Office of the Comptroller of the Currency (OCC), the FRB and the FDIC, have indicated that paying dividends that deplete a bank’s capital base to an inadequate level would be an unsafe and unsound banking practice; a bank may not pay any dividend if payment would cause it to become undercapitalized or if it already is undercapitalized. Moreover, the Federal Banking Agencies have issued policy statements that provide that banks should generally only pay dividends out of current operating earnings. The Federal Banking Agencies have the authority to prohibit banks from paying a dividend if it is deemed that such payment would be an unsafe or unsound practice. The FDIC also may require its prior consent before a bank pays a dividend that exceeds retained earnings or comes from the surplus account of common or preferred stock.

Tabl e of Contents

Prompt Corrective Action and Safety and Soundness

Under applicable “prompt corrective action” (PCA) statutes and regulations, insured depository institutions, such as the Banks, are placed into one of five capital categories, ranging from “well capitalized” to “critically undercapitalized.” The PCA statute and regulations provide for progressively more stringent supervisory measures as an institution’s capital category declines. An institution that is not well capitalized is generally prohibited from accepting brokered deposits and offering interest rates on deposits higher than the prevailing rate in its market. An undercapitalized institution must submit an acceptable restoration plan to the appropriate Federal Banking Agency. One requisite element of such a plan is that the institution’s parent holding company guarantee the institution’s compliance with the plan, subject to certain limitations. As of December 31, 2025, the Banks qualified as “well capitalized” under applicable regulatory capital standards.

Insured depository institutions may also be subject to potential enforcement actions of varying levels of severity by the Federal Banking Agencies for unsafe or unsound practices in conducting their businesses, or for violation of any law, rule, regulation, condition imposed in writing by the agency, or term of a written agreement with the agency. In more serious cases, enforcement actions may include:

• the issuance of directives to increase capital;

• the issuance of formal and informal agreements;

• the imposition of civil monetary penalties;

• the issuance of a cease and desist order that can be judicially enforced;

• the issuance of removal and prohibition orders against officers, directors, and other institution-affiliated parties;

• the termination of the institution’s deposit insurance;

• the appointment of a conservator or receiver for the institution; and

• the enforcement of such actions through injunctions or restraining orders based upon a judicial determination that the FDIC, as receiver, would be harmed if such equitable relief was not granted.

Reserve Requirements

FRB regulations require insured depository institutions to maintain cash reserves against their transaction accounts, primarily interest-bearing and regular checking accounts, as well as cardholder credit balances. The required cash reserves can be in the form of vault cash and, if vault cash does not fully satisfy the required cash reserves, in the form of a balance maintained with the Federal Reserve Banks; we maintain a significant majority of our liquidity portfolio on deposit within the Federal Reserve banking system.

The regulations authorize different ranges of reserve requirement ratios depending on the amount of transaction account balances held. A zero percent reserve requirement ratio is applied to transaction balances below the reserve requirement exemption amount. In addition, transaction account balances maintained over the reserve requirement exemption amount and up to a certain amount, known as the low reserve tranche, may be subject to a reserve requirement ratio of not more than 3 percent (and which may be zero), and transaction account balances over the low reserve tranche may be subject to a reserve requirement ratio of not more than 14 percent (and which may be zero). The reserve requirement exemption and the low reserve tranche are both subject to adjustment on an annual basis, as applicable, by the FRB. Effective March 26, 2020, in response to the COVID-19 pandemic, the reserve requirement ratios on all net transaction accounts were reduced to zero percent, thereby eliminating reserve requirements for all depository institutions. The annual indexation of the reserve requirement exemption amount and the low reserve tranche for the years 2021-2026 was required by statute, but did not affect depository institutions’ reserve requirements, which remain at zero.

Federal Deposit Insurance

The deposits of the Banks are insured up to applicable limits by the DIF of the FDIC. The current standard maximum deposit insurance amount is $250,000 per depositor, per insured depository institution, per ownership category, in accordance with applicable FDIC regulations.

The FDIC uses a risk-based assessment system that imposes insurance premiums based on a risk matrix that takes into account the risks attributable to different categories and concentrations of an insured depository institution’s assets and liabilities, and supervisory rating. The base for insurance assessments is the average consolidated total assets less the average tangible equity capital of an institution. Assessment rates are calculated using formulas that take into account the risk of the institution being assessed.

Tabl e of Contents

Under the Federal Deposit Insurance Act (the FDIA), the FDIC may terminate an institution’s deposit insurance upon a finding that the institution has engaged in unsafe and unsound practices, is in an unsafe and unsound condition or has violated any applicable law, regulation, order or condition imposed by the FDIC.

Cross Guaranty Provisions

The cross guaranty provisions of the FDIA require each insured depository institution controlled by the same parent company to be financially responsible for the failure or resolution costs of any affiliated insured depository institution. Generally, the amount of the cross guaranty liability is equal to the estimated loss to the DIF for the resolution of the affiliated institution(s) in default. The FDIC’s claim under the cross guaranty provision is superior to claims of stockholders of the insured depository institution or its parent company and to most claims arising out of obligations or liabilities owed to affiliates of the institution, but is subordinate to claims of depositors, secured creditors and holders of subordinated debt (other than affiliates) of the commonly controlled insured depository institution. The FDIC may decline to enforce the cross guaranty provision if it determines that a waiver is in the best interest of the DIF.

Depositor Preference

The FDIA provides that, in the event of the liquidation or other resolution of an insured depository institution, the claims of depositors of the institution, including the claims of the FDIC as subrogee of insured depositors, and certain claims for administrative expenses of the FDIC as a receiver, will have priority over other general unsecured claims against the institution. If an insured depository institution fails, insured and uninsured depositors, along with the FDIC, will have priority in payment ahead of unsecured, non-deposit creditors, including the parent company, with respect to any extensions of credit they have made to such insured depository institution.

Restrictions on Transactions with Affiliates and Insiders

Sections 23A and 23B of the Federal Reserve Act and the FRB’s Regulation W limit the extent to which the Parent Company and its non-bank affiliates (including non-bank subsidiaries) can borrow or otherwise obtain credit from, or engage in other covered transactions with either of the Banks, which may have the effect of limiting the extent to which either Bank can finance or otherwise supply funds to the Parent Company or its non-bank affiliates. “Covered transactions” are subject to quantitative and qualitative limits and include:

• loans or extensions of credit;

• purchases of or investments in securities;

• purchases of assets, including assets subject to an agreement to repurchase;

• acceptance of securities as collateral for a loan or extension of credit;

• a derivative transaction to the extent that the transaction causes the bank to have a credit exposure to the affiliate; or

• the issuance of a guarantee, acceptance, or letter of credit.

In addition, with certain exceptions, each loan or extension of credit by either Bank to the Parent Company or its non-bank affiliates must be secured by collateral with a market value ranging from 100% to 130% of the amount of the loan or extension of credit, depending on the type of collateral. Further, all transactions between the Banks and the Parent Company or any non-bank affiliates must be on arm’s length terms and consistent with safe and sound banking practices. The Banks are also prohibited from purchasing low-quality assets from the Parent Company or any non-bank affiliates.

The Banks are also subject to Sections 22(g) and 22(h) of the Federal Reserve Act, and the FRB’s implementing Regulation O as made applicable to the Banks by the regulations of the FDIC. These provisions impose limitations on loans and extensions of credit by the Banks to their executive officers, directors and principal stockholders and their related interests, as well as those of the Banks’ affiliates. The limitations restrict the terms and aggregate amount of such transactions. Regulation O also imposes certain recordkeeping and reporting requirements.

Volcker Rule

Section 619 of the Dodd-Frank Act, commonly known as the Volcker Rule, restricts the ability of banking entities, such as Bread Financial Holdings, Inc. and the Banks, from (i) engaging in proprietary trading and (ii) investing in or sponsoring covered funds, subject to certain limited exceptions. Under the Volcker Rule, the term covered funds is defined as any issuer that would be an investment company under the Investment Company Act but for the exemption in section 3(c)(1) or 3(c)(7) of that Act, which includes collateralized loan obligation securities, collateralized debt obligation securities, and

Tabl e of Contents

certain foreign funds. There are also several exemptions from the definition of covered funds, including, among other things, loan securitizations, joint ventures, certain types of foreign funds, entities issuing asset-backed commercial paper, and registered investment companies. We do not engage in proprietary trading or invest in or sponsor covered funds.

Incentive Compensation

The Federal Banking Agencies have issued comprehensive guidance intended to ensure that the incentive compensation policies of banking organizations do not undermine the safety and soundness of those organizations by encouraging excessive risk-taking. The incentive compensation guidance sets expectations for banking organizations concerning their incentive compensation arrangements and related risk management, control and governance processes. The incentive compensation guidance, which covers all employees that have the ability to materially affect the risk profile of an organization, either individually or as part of a group, is based upon three primary principles: (i) balanced risk-taking incentives; (ii) compatibility with effective controls and risk management; and (iii) strong corporate governance. Any deficiencies in compensation practices that are identified may be incorporated into the organization’s supervisory ratings, which can affect its ability to make acquisitions or take other actions. In addition, under the incentive compensation guidance, a banking organization’s federal supervisor may initiate enforcement action if the organization’s incentive compensation arrangements pose a risk to the safety and soundness of the organization. Further, the Basel III capital rules limit discretionary bonus payments to bank executives if the institution’s regulatory capital ratios fail to exceed certain thresholds.

The Dodd-Frank Act requires the Federal Banking Agencies and the Securities and Exchange Commission (SEC) to establish joint regulations or guidelines prohibiting incentive-based payment arrangements at specified regulated entities, including the Banks, that encourage inappropriate risks, (i) by providing an executive officer, employee, director or principal stockholder with excessive compensation, fees, or benefits, or (ii) that could lead to material financial loss to the entity. Whenever these joint regulations or guidelines are finalized, which does not appear imminent, the manner and form may impact our executive compensation.

The Dodd-Frank Act also requires publicly traded companies to give stockholders a non-binding “say-on-pay” vote on executive compensation at least every three years and on so-called “golden parachute” payments in connection with approvals of mergers and acquisitions. We have held our “say-on-pay” vote annually.

USA PATRIOT Act

Under Title III of the USA PATRIOT Act, all financial institutions are required to take certain measures to identify their customers, prevent money laundering, monitor customer transactions, and report suspicious activity to U.S. law enforcement agencies. Financial institutions are also required to respond to requests for information from Federal Banking Agencies and law enforcement agencies. Information sharing among financial institutions for the above purposes is encouraged by an exemption granted to complying financial institutions from the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and other privacy laws. Financial institutions that hold correspondent accounts for foreign banks or provide private banking services to foreign individuals are required to take measures to avoid dealing with certain foreign individuals or entities, including foreign banks with profiles that raise money laundering concerns, and are prohibited from dealing with foreign “shell banks” and persons from jurisdictions of particular concern. The Federal Banking Agencies and the Secretary of the Treasury have adopted regulations to implement several of these provisions.

Furthermore, financial institutions are required to establish internal anti-money laundering programs. These programs must include policies, procedures, processes and other internal controls designed to monitor, identify, manage and mitigate the risk of money laundering or terrorist financing posed by a financial institution’s products, services, customers and geographic locale. These controls include procedures and processes to detect and report suspicious transactions, perform customer due diligence, respond to requests from law enforcement, identify and verify a legal entity customer’s beneficial owner(s) at the time a new account is opened and to understand the nature and purpose of the customer relationship, and meet all recordkeeping and reporting requirements related to particular transactions involving currency or monetary instruments. These programs must be coordinated by a compliance officer, undergo annual independent audits to assess effectiveness, and require training of employees. The effectiveness of a financial institution in combating money laundering activities is a factor to be considered in any application submitted by a financial institution to engage in a merger transaction under the Bank Merger Act. Failure to comply with these regulations may result in fines, penalties, lawsuits, regulatory sanctions, reputational damage, or restrictions on business. Our Banks have in place a Bank Secrecy Act and USA PATRIOT Act compliance program and engage in very few transactions of any kind with foreign financial institutions or foreign persons.

Tabl e of Contents

Office of Foreign Assets Control Regulations

The United States government has imposed economic sanctions that affect transactions with designated foreign countries, nationals, and others. These are typically known as the “OFAC rules” based on their administration by the U.S. Treasury Department Office of Foreign Assets Control (OFAC). The OFAC administered sanctions targeting countries take many different forms. Generally, OFAC sanctions contain one or more of the following elements: (i) restrictions on trade with or investment in a sanctioned country, including prohibitions against direct or indirect imports from and exports to a sanctioned country and prohibitions on U.S. persons engaging in financial transactions relating to making investments in, or providing investment-related advice or assistance to, a sanctioned country; and (ii) a blocking of assets in which the government or specially designated nationals of the sanctioned country have an interest, by prohibiting transfers of property subject to U.S. jurisdiction (including property in the possession or control of U.S. persons). Blocked assets (e.g., property and bank deposits) cannot be paid out, withdrawn, set off, or transferred in any manner without a license from the OFAC. Failure to comply with these sanctions could have serious legal and reputational consequences.

Third-Party Risk Management

The FDIC, along with the other Federal Banking Agencies, issued final guidance on managing risks associated with third-party relationships in June 2023. The guidance states that sound third-party risk management takes into account the level of risk, complexity, and size of the bank and the nature of the third-party relationship. In July 2024, the Federal Banking Agencies released a joint statement on banks’ arrangements with third parties to deliver bank deposit products and services. The joint statement cautions that operational and compliance risks arise when banks hand over substantial control of key functions to a third-party. Banks can manage risk through policies and procedures governing organizational structures, lines of reporting, expertise and staffing, internal controls and audit functions. Banks can also conduct risk assessments to assess controls for mitigating risk relating to specific third-party arrangements, engage in due diligence of third-party relationships, set appropriate contractual relationships, and establish monitoring routines to identify risks.

Identity Theft

The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the Fair Credit Reporting Act (FCRA) to combat identity theft, along with its implementing regulation, Regulation V, require insured state nonmember banks, such as the Banks, to establish programs to address risks of identity theft. The rules require financial institutions and creditors to develop and implement a written identity theft prevention program that is designed to detect, prevent, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. The rules include guidelines to assist entities in the formulation and maintenance of programs that would satisfy these requirements. In addition, the rules establish special requirements for any credit and debit card issuers that are subject to the jurisdiction of the FDIC to assess the validity of notifications of changes of address under certain circumstances. The Banks implemented an ID Theft Prevention Program (Program), approved by their Boards of Directors, in compliance with these requirements. The Banks review and make enhancements to the Program on an ongoing basis.

Open Banking

In October 2024, the CFPB finalized a rule implementing a section of the Dodd-Frank Act, which requires certain entities, including the Banks, to, among other things, make available to a consumer, upon request, information in its control or possession concerning the consumer financial product or service that the consumer obtained from that entity. The final rule also requires data providers holding a consumer account, such as the Banks, to establish a developer interface satisfying certain data security specifications and other standards, through which the data provider can receive requests for, and provide specific types of data covered by the rule in electronic, usable form to authorized third parties, including data aggregators. Under the final rule, data providers are prohibited from charging consumers or third parties fees for processing these consumer data requests. The final rule also places certain data security, authorization, and other obligations on third parties accessing covered data from data providers, which could include the Banks when acting in certain capacities. The final rule also requires third parties to limit their collection, use, and retention of the data received to only what is reasonably necessary to provide the consumers’ requested product or service. In October 2024, industry trade associations filed a lawsuit against the CFPB alleging the agency exceeded its statutory authority and asking the court to vacate the rule. In July 2025, the District Court for the Eastern District of Kentucky granted the motion by the CFPB to stay the proceedings while the CFPB conducts a rulemaking to revise the final rule. In August 2025, the CFPB published an advance notice of proposed rulemaking requesting input on certain aspects of the rule it was reconsidering, and in October 2025 the District Court entered a preliminary injunction barring enforcement of the rule while it is being reconsidered by the CFPB.

Tabl e of Contents

Community Reinvestment Act

The Community Reinvestment Act of 1977 (CRA) is intended to encourage banks to help meet the credit needs of their service areas, including low- and moderate-income neighborhoods, consistent with safe and sound business practices. The relevant Federal Banking Agency, the FDIC in the Banks’ case, examines each bank and assigns it a public CRA rating. A bank’s record of fair lending compliance is part of the resulting CRA examination report. CRA performance evaluations are based on a four-tiered rating system: Outstanding, Satisfactory, Needs to Improve and Substantial Noncompliance. CRA performance evaluations are considered in evaluating applications for, e.g., mergers, acquisitions and applications to open branches. The Banks each received a CRA rating of “Outstanding” at their most recent CRA examinations.

In October 2023, the Federal Banking Agencies issued a final rule overhauling the process and substantive tests used by the agencies to assess a bank’s record of meeting the credit needs of its community. In February 2024, industry trade associations filed a lawsuit against the Federal Banking Agencies alleging the agencies exceeded their statutory authority and asking the court to vacate the final rule. In March 2024, the District Court for the Northern District of Texas enjoined the Federal Banking Agencies from enforcing the final rule. In July 2025, the Federal Banking Agencies jointly issued a proposal to rescind the 2023 final rule. The agencies announced that because the 2023 final rule was subject to legal action and had not taken effect, the agencies continue to apply the regulatory framework in effect prior to the 2023 final rule.

Consumer Protection Regulation and Supervision

We are subject to the federal consumer financial protection laws implemented by the CFPB, as well as by other federal agencies including the FDIC and Federal Trade Commission. The CFPB has broad rulemaking authority that has impacted, and may continue to impact, the Banks’ operations, including with respect to credit card late fees and other amounts that we may charge. For example, the CFPB’s rulemaking authority may allow it to change regulations adopted in the past by other regulators, including regulations issued under the Truth in Lending Act by the FRB. We are also subject to certain state consumer protection laws, and state attorneys general and other state officials are empowered to enforce certain federal consumer protection laws and regulations. State authorities have increased their focus on and enforcement of consumer protection rules. These federal and state consumer protection laws apply to a broad range of our activities and to various aspects of our business, and include laws relating to interest rates, fair lending, disclosures of credit terms and estimated transaction costs to consumer borrowers, debt collection practices, the use and provision of information to consumer reporting agencies, and the prohibition of unfair, deceptive, or abusive acts or practices in connection with the offer, sale, or provision of consumer financial products and services. Each Bank has in place an effective compliance management system to comply with these laws and regulations.

In March 2024 the CFPB published a final rule that would have significantly reduced the safe harbor amount for late fees that credit card issuers are authorized to charge. In April 2025 the United States District Court for the Northern District of Texas entered an order and final judgment, pursuant to which the CFPB’s credit card late fee rule was vacated. As a result of the rule being vacated, it will have no force or effect, and the late fee safe harbor amounts will continue to be set as they were prior to the CFPB’s late fee rulemaking.

More generally, the CFPB’s ability to rescind, modify or interpret past regulatory guidance could reduce fee income, and increase our compliance costs and litigation exposure. Further, the CFPB has broad authority to enforce the prohibitions of “unfair, deceptive or abusive” acts or practices regardless of which agency supervises the Banks. The CFPB has taken enforcement action against other credit card issuers and financial services companies. Evolution of these standards could result in changes to pricing, practices, procedures and other activities relating to our credit card accounts in ways that could reduce the associated return from those accounts and potentially impact business growth plans. While the CFPB has taken public positions on certain matters, it is unclear what additional changes may be promulgated by the CFPB in the future and what effect, if any, such changes could have on our credit accounts and our consolidated financial condition.

During 2025 under the current Presidential Administration, the operations of the CFPB evolved significantly, with reductions in staff and more limited examinations and enforcement activities. Certain of these developments at the CFPB are subject to pending litigation, and the scope and intensity of the CFPB’s ongoing regulation of our business remains uncertain.

Tabl e of Contents

Brokered Deposits

The FDIA prohibits an insured bank from accepting brokered deposits, unless it is “well capitalized” or it is “adequately capitalized” and then also receives a waiver from the FDIC. In December 2020 the FDIC updated its regulations that implement Section 29 of the FDIA to establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits. In the third quarter of 2024, the FDIC published in the Federal Register a proposed rule that, if finalized as proposed, would have expanded the scope of deposits that constitute “brokered deposits” and therefore could potentially have caused certain of our present or prospective deposits to be treated as brokered. The FDIC withdrew this proposed rule in March 2025.

Guiding and Establishing National Innovation for U.S. Stablecoins Act

In July 2025, President Trump signed the GENIUS Act into law, establishing a federal licensing and supervisory framework for payment stablecoins and their issuers. The GENIUS Act may accelerate and increase the competition that non-traditional financial institutions pose to banks’ payment services, but may also create opportunities for banks to hold stablecoin reserve assets, custody stablecoins, or issue stablecoins. Several key provisions of the GENIUS Act require federal regulatory agencies to adopt implementing regulations, and the GENIUS Act will take effect the earlier of 18 months after its enactment or 120 days after the agencies issue final implementing regulations.

Privacy, Information Security and Data Protection

We are subject to various privacy, information security and data protection laws, including requirements concerning security breach notification. For example, we are subject to the GLBA and implementing regulations and guidance in the United States. Among other things, the GLBA: (i) imposes certain limitations on the ability of financial institutions to share consumers’ nonpublic personal information with nonaffiliated third parties; (ii) requires that financial institutions provide certain disclosures to consumers about their information collection, sharing and security practices and affords consumers the right to opt out of the institution’s disclosure of their personal financial information to nonaffiliated third parties (with certain exceptions); and (iii) requires financial institutions to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the financial institution’s size and complexity, the nature and scope of the financial institution’s activities, the sensitivity of consumer information processed by the financial institution as well as plans for responding to data security breaches.

The State of California enacted the California Consumer Privacy Act (CCPA) in 2018, which was modified in 2020 through a voter referendum adopting the California Privacy Rights Act. Among other requirements, the CCPA requires covered businesses to provide California residents with the right to know what information is being collected from them and whether such information is sold or disclosed to third parties. The statute also allows California residents to access, delete, correct, and opt out of the sale and sharing of personal information that has been collected by covered businesses in certain circumstances. The CCPA does not apply to personal information processed pursuant to the GLBA or the California Financial Information Privacy Act. We are a covered business under the CCPA, which became effective on January 1, 2020. The enactment of the CCPA has prompted a wave of legislative developments in other states, which has created a patchwork of overlapping but different state laws, certain of which include exemptions for GLBA-regulated entities and/or personal information.

Federal and state laws also require us to respond appropriately to data security breaches. A final rule issued by the FRB, OCC, and FDIC, which became effective in May 2022, requires banking organizations to notify their primary federal regulator of significant computer security incidents within 36 hours of determining that such an incident has occurred. The SEC has also adopted rules on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure, which, among other things, require the filing of a Current Report on Form 8-K following certain cybersecurity incidents.

We continue to monitor, and have a program in place designed to comply with, applicable privacy, information security and data protection requirements imposed by federal and state laws. However, if we experience a significant cybersecurity incident or our regulators deem our information security controls to be inadequate, we could be subject to supervisory criticism or penalties, and/or suffer reputational harm. For further discussion of privacy, data protection and cybersecurity, and related risks for our business, see “Part I—Item 1A. Risk Factors” under the headings “ Regulation in the areas of privacy, data protection, data governance, and cyber security could increase our costs and affect or limit our business opportunities and how we collect and/or use Personal Information, and any actual or perceived failure to comply with any of these new or existing laws could adversely affect our business, results of operations, or financial condition, ” “If we, our third-party providers, or brand partners fail to safeguard our confidential information and/or experience a data security

Tabl e of Contents

incident, there may be damage to our brand and reputation, material financial penalties and legal claims, which could materially adversely affect our business, results of operations, and financial condition,” and “Business interruptions, including loss of data center capacity, interruption due to cyber-attacks, loss of network connectivity or inability to utilize proprietary software of third-party vendors, could affect our ability to timely meet the needs of our partners and customers and harm our business” and “Part I—Item 1C. Cybersecurity.”

Human Capital

Providing a meaningful value proposition for our associates is one of our top priorities. We seek to enhance our associate value proposition continuously to ensure that we offer competitive rewards, career opportunities and flexible work experience, which we believe enables us to attract and retain a highly qualified and motivated workforce.

As of December 31, 2025, we employed approximately 6,000 associates worldwide, with the majority concentrated in the United States. Attracting, developing and retaining top talent is critical to our business. In making these employment-related decisions, we comply with all applicable laws. We promote an inclusive, engaged culture that empowers associates through opportunities to grow, develop and lead. Our associates have been, and will remain, the backbone of our business, and we take a holistic approach to our associates’ experiences, recognizing that an engaged workforce drives our long-term growth and sustainability. Our Board of Directors and Compensation & Human Capital Committee provide important oversight of our human capital management strategy and receive regular updates from senior management and third-party consultants on human capital trends and developments and other key human capital matters that drive our ongoing success and performance.

Associate Benefits and Well-Being

Associate well-being remains a top human capital priority, and we are committed to providing our associates with competitive total compensation, benefits and wellness resources. Our associates continue to value a flexible work experience that allows them to balance office work and remote work time. Over 90% of our associates view our flexible work arrangements as a competitive advantage relative to other potential employment opportunities, and we continue to take advantage of the engagement and productivity benefits associated with increased flexibility, as well as opportunities for connectedness and social interaction. Other associate well-being resources include mental health awareness and counseling support, wellness courses and financial education, a variety of fitness and meditation classes, a reimbursement program for eligible items, memberships, and experiences that enhance well-being and other benefits to promote mental and physical health.

While we continue to improve the competitiveness of our associate benefit offerings, it is also important for associates to make informed decisions about their health and money. When surveyed, 89% of our associates are confident they have the knowledge and skills to make informed decisions about their health and money.

Associate Experience and Engagement

Delivering an exceptional customer experience relies on our ability to cultivate an engaging and rewarding experience for our associates. We maintained high levels of associate engagement and retention in 2025. We continue to listen to and act on feedback from our associates, including through our annual Associate Experience Survey and other more frequent surveys and communications. Each year after the results of the annual Associate Experience Survey have been tabulated, our senior management presents those results to our Compensation & Human Capital Committee and our Board of Directors, including discussion regarding trends observed and actions to be taken in response to the results. Input from our Board of Directors helps inform our human capital strategies and objectives going forward.

Workforce Readiness, Growth and Advancement

At Bread Financial, we know associates have different needs to meet their career goals, including by accessing new work opportunities through our suite of mobility programs. During the year we expanded our existing mobility programs, which include internship opportunities, rotational programs, and our “Flex and Stretch” programs, that allow associates to work on projects outside of their core work responsibilities. Additionally, our six-month Apprentice Program continues to be successful. These mobility programs support our associates in their career goals, while allowing us to move talent across the organization to meet our business needs.

Tabl e of Contents

Robust training and development remain central to our human capital strategy. This year a new partnership with Pluralsight was launched to advance technical skills across the associate population. This enabled the creation of specialized skill paths in technology, an immersive cohort program for AI in Data Science, and an Operational Excellence academy offering Six Sigma, Design Thinking and AI training. In addition to career-oriented training and development, we require annual associate training to ensure ongoing adherence to responsible business practices and ethical conduct, and all associates must certify annually that they have read and will adhere to our Code of Ethics. Our Associate Relations team also conducted ethics roadshows in 2025, which were required for all leaders of people.

Inclusive Culture

We are committed to creating an inclusive culture that attracts and values diversity of thought, experience, background, skills and ideas, driving our associates’ sense of belonging. Over the past few years, we have advanced our actions and activities in support of creating a more inclusive work environment, including the maturation of our associate programs and expansion of our nine Associate Resource Groups, which are open to all associates across our locations and that nearly 1,600 unique associates have voluntarily joined. Based on our annual Associate Experience Survey, 86% of our associates feel a sense of belonging and 90% believe Bread Financial is committed to fostering a work environment of inclusion and belonging.

Sustainability Strategy

We are a financial services company dedicated to empowering our customers and optimizing opportunities to create value for all our stakeholders, while advancing long-term financial and reputational goals. We prioritize initiatives that strengthen our communities, reduce our environmental impact, promote inclusion and build financial confidence. We continue to advance the integration of environmental and social factors into our overall governance, risk management and reporting practices in ways that increase transparency and enhance the quality of our disclosures. Additional information regarding our sustainability strategy and responsible business practices can be found in our annual sustainability report published on our website at: https://investor.breadfinancial.com/sustainability/. No information from this website is incorporated by reference herein. Please also see “Human Capital” above.

Other Information

Our corporate headquarters are located at 3095 Loyalty Circle, Columbus, Ohio 43219, where our telephone number is 614-729-4000.

We file or furnish annual, quarterly and current reports, proxy statements and other information with the SEC. Our SEC filings are available to the public at the SEC’s website at www.sec.gov . You may also obtain copies of our annual, quarterly and current reports, proxy statements and certain other information filed or furnished with the SEC, as well as amendments thereto, free of charge from our website, www.BreadFinancial.com . No information from this website is incorporated by reference herein. These documents are posted to our website as soon as reasonably practicable after we have filed or furnished these documents with the SEC. We post our Audit Committee, Risk & Technology Committee, Compensation & Human Capital Committee and Nominating & Corporate Governance Committee charters, our corporate governance guidelines, and our code of ethics, code of ethics for senior financial officers, and code of ethics for Board members on our website.

Tabl e of Contents

Item 1A.    Risk Factors.

RISK FACTORS

This section should be carefully reviewed, in addition to the other information appearing in this Form 10-K, including the sections entitled “ Risk Management ” and “ Management’s Discussion and Analysis of Financial Condition and Results of Operations ” and our audited Consolidated Financial Statements and related Notes, for important information regarding risks and uncertainties that affect us. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, results of operations, and future prospects could be materially and adversely affected.

Summary

This risk factor summary is qualified in its entirety by reference to the complete description of our risk factors set forth immediately below.

Risks related to our macroeconomic, global, strategic, business and competitive environment include:

• Market conditions, inflation, interest rates, labor market conditions, recessionary pressures or concerns over a prolonged economic slowdown, and the related impact on consumer spending behavior, payments, debt levels, savings rates and other behavior, could have a material adverse effect on our business.

• Global political, public health and social events or conditions, including ongoing wars and military conflicts, may harm our business.

• Our unsecured loans make us reliant on the future credit performance of our customers, and if customers are unable to repay our loans, our level of future delinquency and charge-off rates will increase.

• A significant percentage of our revenue is generated through relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners, could have an adverse effect on our business.

• Our business is heavily concentrated in U.S. consumer credit, and therefore our results are more susceptible to fluctuations in the U.S. consumer credit market than a more diversified company.

• The amount of our Allowance for credit losses could adversely affect our business and may be insufficient to cover actual losses on our loans.

• We may be unable to successfully identify, complete or successfully integrate or disaggregate business acquisitions, divestitures and other strategic initiatives.

• Competition in our industry is intense, including competition from new and non-traditional competitors, such as financial technology companies, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce, digital payment platforms and currencies and other alternative payment and deposit solutions.

• Our results of operations and growth depend on our ability to retain existing partners and attract new partners, and our results are impacted, to a significant extent, on the active and effective promotion and support of our products by our partners and on the financial performance of our partners.

• Underwriting performance of acquired or new lending programs may not be consistent with existing experience.

• We rely extensively on models in managing many aspects of our business, and if they are not accurate or are misinterpreted, such factors could have a material adverse effect on our business and results of operations.

• Fraudulent activity associated with our products and services could negatively impact our operating results, brand and reputation, decreasing the use of our products and services and increasing our fraud losses.

Risks related to our liquidity, market and credit risk include:

• Adverse financial market conditions or our inability to effectively manage our funding and liquidity risk could have a material adverse effect on our business, liquidity and ability to meet our debt service requirements and other obligations.

• Our inability to effectively access the securitization or other capital markets could limit our funding opportunities for loans and other business opportunities.

• Competition for deposits and regulatory restrictions on deposit products can impact availability and cost of funds.

• Our level of indebtedness may restrict our ability to compete and grow our business.

• Our market valuation has been, and may continue to be, volatile, and returns to stockholders may be limited.

Tabl e of Contents

Risks related to our legal, regulatory and compliance environment include:

• We face various risks related to the extensive government regulation and supervision of our business, including by the FDIC, CFPB and other federal and state authorities. These risks include pending and future laws, regulations or executive actions that may adversely impact our business, including with respect to limits on credit card interest rates or late fees, interchange fees or other charges, as well as supervisory and other actions that may be taken against us by our regulators.

• Pending and future litigation could subject us to significant fines, penalties, judgments and/or requirements.

• We are a holding company and depend on dividends and other payments from our Banks, which are subject to various legal and regulatory restrictions.

• Regulations relating to privacy, information security and data protection could increase our costs, affect or limit how we collect and use personal information and adversely affect our business opportunities.

• Financial institution capital requirements may limit cash available for business operations, growth and returns to stockholders.

Risks related to cybersecurity, technology and third-party vendors include:

• We rely on third-party vendors, and could be adversely impacted if such vendors fail to fulfill their obligations.

• Failures in data protection, cybersecurity and information security, as well as business interruptions to our data centers and other systems, could critically impair our products, services and ability to conduct business.

• Our industry is subject to rapid and significant technological changes, and we may be unable to successfully develop and commercialize new or enhanced products and services. Moreover, technology transformation projects are complex undertakings, which may result in unanticipated adverse consequences.

• The development and use of AI presents risks and challenges to our business, including compliance with new AI laws and regulations, risks associated with AI models, and the malicious use of AI technology by bad actors.

Risks related to the spinoff of our former LoyaltyOne segment include potential tax and other liabilities, existing or future litigation or other disputes, or other adverse impacts.

Macroeconomic, Global, Strategic, Business and Competitive Risks

Weakness and instability in the macroeconomic environment, as well as global political, public health and social events or conditions, could have a material adverse effect on our business, results of operations and financial condition.

Macroeconomic conditions historically have affected our business, results of operations and financial condition and will continue to affect them in the future. We offer an array of payment, lending and saving solutions to consumers, and a prolonged period of economic weakness, including a recession or economic slowdown, economic and market volatility, and other adverse economic conditions, including persistent inflation, high interest rates and high levels of unemployment, could have a material adverse effect on our business, results of operations and financial condition, as these macroeconomic conditions may reduce consumer confidence and negatively impact customers’ payment and spending behavior. Some of the specific risks we face as a result of these conditions include:

• Adverse impacts on our customers’ ability and willingness to pay amounts owed to us, increasing delinquencies, defaults, charge-offs, bankruptcies and consequentially our Allowance for credit losses, and decreasing recoveries;

• Decreased consumer spending, changes in payment patterns, lower demand for credit and shifts in consumer payment behavior towards avoiding late fees, finance charges and other fees;

• Decreased reliability of the processes and modeling we use to estimate our Allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our modeling and our estimates become increasingly subject to management’s judgment; and

• Limitations on our ability to replace maturing liabilities and to access the capital and deposit markets to meet liquidity needs.

While we closely monitor economic conditions and indicators, including inflation, interest rates, changes in monetary policy, housing values, the state of the commercial real estate industry, energy prices, external credit bureau risk scores, consumer wages, consumer saving rates and debt levels, including student loan debt, consumer and business spending, unemployment, financial markets, government policy and concerns about the level of U.S. government debt, as well as economic and political conditions in the U.S. and global markets, the outcome of any of these conditions and indicators remains difficult to predict. During 2025, the economic scenario weightings in our credit reserve modeling continued to

Tabl e of Contents

reflect an elevated possibility of a recession, high interest rates, persistent inflation, and the increased cost of overall consumer debt. A recession or prolonged period of economic weakness would likely, among other things, adversely affect consumer discretionary spending levels and the ability and willingness of customers to pay amounts owed to us and could have a material adverse effect on our business, key credit trends, results of operations and financial condition. Moreover, the current macroeconomic environment may have a disproportionately adverse impact on us, as compared to our peers, due to our relatively higher proportion of private label credit card accounts and our deeper underwriting. In the current macroeconomic landscape, the wage growth of many moderate and lower-income households has been challenged by the compounding effect of persistent inflation, even while unemployment rates remain low. Given the higher proportion of moderate and lower-income households within our partners’ customer bases relative to many of our peers, a continuation of this trend could impact us more negatively than others in our industry. Moreover, the current Presidential Administration’s policies on trade, immigration and taxes could create inflationary pressures, which in turn could disproportionately impact our customer base.

For context, during the Great Recession, our Delinquency and Net principal loss rates peaked in 2009 at 6.2% and 10.0%, respectively. As of December 31, 2025, our Delinquency rate was 5.8% and our 2025 full-year Net principal loss rate was 7.7%. While these 2025 rates were lower than those experienced in 2009, the current and near-term anticipated Delinquency and Net principal loss rates remain elevated, relative to our historical experience, and a prolonged continuation or worsening of these rates could have a material adverse impact on us.

In addition, political events and uncertainties (including those arising from significant shifts in policy that impact consumers, such as tariffs and other trade-related measures, taxes and immigration, among others, and the potential or threat of retaliatory international and domestic policies), international tensions or hostilities, armed conflict, war (such as the ongoing war between Ukraine and Russia and instability in the Middle East), civil unrest, outbreaks of illnesses, pandemics, endemic diseases, or other local or global health issues, climate-related events, impacts to the power grid, and natural disasters have, to varying degrees, negatively impacted our operations, brand partners, service providers and consumer spending, and such events and conditions may negatively impact the economy and us going forward. Moreover, political disputes over the debt ceiling, budget deficits, healthcare or immigration policy or other matters may result in prolonged government shutdowns and increase the possibility of the U.S. government defaulting on its debt and/or having its credit ratings further downgraded, any of which could weaken the U.S. dollar, cause market volatility, negatively impact the economy and banking system and adversely affect our financial condition, including our liquidity and ability to access capital.

The loans we make are unsecured, and we may not be able to ultimately collect from customers that default on their loans.

The primary risk associated with unsecured consumer lending is the risk of default or bankruptcy of the borrower, resulting in the borrower’s balance being written-off as uncollectible. We rely principally on the borrower’s creditworthiness for repayment of the loan and, therefore, have no other recourse for collection. An increase in defaults or net principal losses could result in a reduction in Net income.

We may not be able to successfully identify and evaluate the creditworthiness of borrowers to minimize delinquencies and losses. As part of our efforts to manage our credit risk, we use our automated proprietary scoring technology and verification procedures to make risk-based underwriting decisions when approving new account holders, establishing or adjusting their credit limits and applying our risk-based pricing. These models may not accurately predict future charge-offs for various reasons discussed elsewhere in these Risk Factors, including in “ Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted. ” While we monitor credit quality on a regular and consistent basis, utilizing internal algorithms and external credit bureau risk scores and other data, these algorithms and data sources may be inaccurate or incomplete, including as a result of certain customers’ credit profiles not fully reflecting their credit risk due to any number of factors, including, for example, the less-regulated reporting requirements for many fintechs offering buy now, pay later products or other lending options and existing or future limitations on the reporting of medical debt. Mandated changes to credit bureau reporting, or the information that may be included in a credit bureau report, can change the accuracy of scoring models that leverage tradelines and performance in determining credit risk. As a result, the data and models upon which we rely may not fully reflect the extent of our customers’ actual financial obligations.

General economic conditions, including a recession or prolonged economic slowdown, persistent inflation, interest rates, high unemployment or volatility in energy prices, may result in greater delinquencies that lead to greater credit losses. In addition to being affected by general economic conditions and the success of our collection and recovery efforts, the

Tabl e of Contents

stability of our Delinquency and Net principal loss rates are affected by the credit risk inherent in our Credit card and other loan portfolios, as well as the vintage of the accounts in our various credit card portfolios. We also closely monitor the segment of our portfolio with student loans to observe payment rate trends. In December 2025, the Department of Education announced that, beginning in early 2026, the federal government would begin garnishing wages of student loan borrowers that are in default on federal student loans; provided that the Department of Education subsequently announced that it was indefinitely postponing any such garnishments. The impact of this policy change, to the extent it becomes effective, on our customers’ ability to repay us remains uncertain.

Further, our pricing strategy may not offset the negative impact on profitability caused by increases in delinquencies and credit losses, thus any material increases in delinquencies and credit losses beyond our current estimates could have a material adverse impact on us. Our Delinquency rates were 5.8% of Credit card and other loans as of December 31, 2025, compared with 5.9% and 6.5% as of December 31, 2024 and 2023, respectively. For 2025, our Net principal loss rate was 7.7%, compared with 8.2% and 7.5% for 2024 and 2023, respectively. As referenced above, the current and near-term anticipated Delinquency and Net principal loss rates remain high, relative to our historical experience, and a prolonged continuation or worsening of these rates could have a material adverse impact on our business and results of operations.

A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue.

We depend on a limited number of large partner relationships for a significant portion of our revenue. As of and for the year ended December 31, 2025, our five largest credit card programs (based on Total net interest and non-interest income) accounted for approximately 49% of our Total net interest and non-interest income excluding the gain on sale and 44% of our End-of-period credit card and other loans. In particular, our programs with (alphabetically) Signet Jewelers, Ulta Beauty and Victoria’s Secret & Co. and its retail affiliates, each accounted for 10% or more of our Total net interest and non-interest income for the year ended December 31, 2025. Our business is intensely competitive, and we cannot provide assurance that we will retain the business of all of our significant brand partners going forward.

Our business is heavily concentrated in U.S. consumer credit, and therefore our results are more susceptible to fluctuations in that market than a more diversified company.

Our business is heavily concentrated in U.S. consumer credit. As a result, we are more susceptible to fluctuations and risks particular to U.S. consumer credit than a more diversified company. For example, our business is particularly sensitive to macroeconomic conditions that affect the U.S. economy, consumer spending and consumer credit. We are also more susceptible to the risks of increased regulations and legal and other regulatory actions that are targeted at consumer credit or the specific consumer credit products that we offer, such as legislation and regulations relating to credit card late fees, credit card interest rates and promotional financing. Our business concentration could have an adverse effect on our results of operations.

We expect growth to result, in part, from new and acquired credit card and other loan programs whose performance could result in increased portfolio losses and negatively impact our profitability.

We expect an important source of our growth to come from new and acquired credit card and other loan programs. We cannot be assured that the loss experience on new and acquired programs will be consistent with our more established programs, or that the cost to provide service to these new and acquired programs will not be higher than anticipated. The failure to successfully underwrite these new and acquired programs may result in defaults greater than our expectations and could have a material adverse impact on us and our profitability. See “ Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted. ” Moreover, under the CECL accounting rules, the acquisition of an existing credit card portfolio typically has a negative impact on certain key financial metrics in the near-term, including Net income and Earnings per share, because we are required to include a reserve build in our Provision for credit losses for the estimated credit losses to be experienced over the life of the acquired portfolio. The amount of this reserve build is often large relative to the amount of revenue generated through such date by the related credit card portfolio. See also “ –The amount of our Allowance for credit losses could adversely affect our business and may prove to be insufficient to cover actual losses on our loans. ”

Tabl e of Contents

Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted.

Our risk management framework, which seeks to identify and mitigate current or future risks and appropriately balance risk and return, may not be comprehensive or fully effective. As regulations and competition continue to evolve, our risk management framework may not always keep sufficient pace with those changes. If our risk management framework does not effectively identify or mitigate our risks, we could suffer unexpected losses and could be materially adversely affected.

We rely extensively on models in managing many aspects of our business, including liquidity and capital planning (including stress testing), customer selection, underwriting and line management, credit and other risk management, pricing, reserving and collections management. The models may prove in practice to be less accurate, predictive or useful than we expect for a variety of reasons, including as a result of (i) errors in constructing, interpreting or using the models, (ii) the use of inaccurate assumptions (including models being calibrated on historical cycles and correlations which may not be predictive of the future, or failures to update assumptions appropriately or in a timely manner), or (iii) the model producing results that are not compliant with fair lending or other laws and regulations. Our assumptions may be inaccurate for many reasons including that they often involve matters that are inherently difficult to predict and beyond our control (e.g., macroeconomic conditions, including continued elevated inflation, low unemployment, increasing consumer debt levels and weakening in macroeconomic indicators, and their impact on partner and customer behaviors) and they often involve complex interactions between a number of dependent and independent variables, factors and other assumptions. In particular, in recent years, we have observed rates and correlations among several key macroeconomic variables, such as unemployment and interest rates, perform outside of observed historical norms, which could impact the reliability of certain models in the current economic environment. In addition, as we seek to update and enhance our models, these updates and enhancements may produce unexpected or unreliable results. The errors or inaccuracie s in our models may be material, and could lead us to make poor or sub-optimal decisions in managing our business, and this could have a material adverse effect on our business, results of operations and financial condition.

Fraudulent activity associated with our products and services could negatively impact our operating results, brand and reputation and cause the use of our products and services to decrease and our fraud losses to increase.

We are subject to the risk of fraudulent activity associated with our products and services, as well as retailers, partners, other merchant parties or third-party service providers handling consumer information. Our products are susceptible to application fraud bec ause, among other things, we provide immediate access to credit at the time of approval. In addition, digital sales on the internet and through mobile channels continue to be a larger part of our business, and fraudulent activity is higher as a percentage of sales in those channels than in brick-and-mortar store transactions. The different financial products we offer, including deposit products, are susceptible to different types of fraud, and, depending on our product mix and channel mix, we may continue to experience variations in, or levels of, fraud-related expenses that are different from or higher than those experienced by some of our competitors or the industry generally. The risk of fraud continues to increase for the financial services industry, and credit card and deposit fraud, identity theft and related crimes are likely to continue to be prevalent, with increasingly sophisticated perpetrators. More recently, emerging generative AI capabilities, such as synthetic voice and conversation generation, introduced new fraud risks, especially in the form of identity fraud. Our resources, technologies and fraud prevention tools may be insufficient to accurately detect and prevent fraud.

Our fraud-related operational losses were $65 million for both the years ended December 31, 2025 and 2024, and $127 million for the year ended December 31, 2023. During 2023, we believe the financial services industry generally experienced an uptick in both the volume and sophistication of fraud attacks, and we also experienced that trend in our business, with fraud-related operational losses increasing significantly. While we were successful in decreasing fraud-related losses in 2024 and 2025, t he perpetrators of fraud attacks remain persistent and we cannot provide assurance that fraud-related losses will remain at or below these lower levels going forward. In addition to direct financial impacts, high profile fraudulent activity could also negatively affect our brand and reputation, which could negatively impact the use of our services, leading to a material adverse effect on our results of operations. In addition, significant increases in fraudulent activity could lead to regulatory intervention, including, but not limited to, additional consumer notification requirements, increasing our costs and negatively impacting our operating results, net income and profitability. Regulators and consumer activists have also sought to expand financial institutions’ responsibility to hold customers harmless for fraudulent transactions on their accounts, which increases our exposure to fraud-related losses.

Tabl e of Contents

The amount of our Allowance for credit losses could adversely affect our business and may prove to be insufficient to cover actual losses on our loans.

The Financial Accounting Standards Board’s CECL accounting standard requires us to determine periodic estimates of the lifetime expected credit losses on our Credit card and other loans, and reserve for those expected credit losses through an allowance for credit losses against the loans. In addition, as referenced above, for credit card loan portfolios we acquire, we are required to establish such an allowance for credit losses. Any subsequent deterioration in the performance of a purchased portfolio results in incremental credit loss reserves. Growth in our loan portfolio generally would also lead to an increase in our Allowance for credit losses.

The process for establishing our Allowance for credit losses is critical to our results of operations and financial condition, and requires complex modeling and judgments, including forecasts of economic conditions. The ongoing impact of CECL will be significantly influenced by the composition, characteristics and quality of our Credit card and other loans, as well as the prevailing economic conditions and forecasts utilized. For additional information regarding our Allowance for credit losses, see Note 3, “Allowance for Credit Losses” to our audited Consolidated Financial Statements included as part of this Annual Report on Form 10-K.

The CECL model may create more volatility in the level of our Allowance for credit losses. If we are required (as a result of any review, update, regulatory guidance or otherwise) to materially increase our level of the Allowance for credit losses, such increase could adversely affect our business, financial condition, results of operations and opportunity to pursue new business. Moreover, we may underestimate our expected credit losses, and we cannot assure that our Allowance for credit losses will be sufficient to cover actual losses.

We may not be successful in realizing the benefits associated with our acquisitions, dispositions and strategic investments, and our business and reputation could be materially adversely affected.

Historically, we have acquired a number of businesses, as well as made strategic investments in businesses, products, technologies, platforms or other ventures, and we expect to continue to evaluate potential acquisitions, investments and other transactions in the future. There is no assurance that we will be able to successfully identify suitable candidates for any such opportunities, value any such opportunities accurately, negotiate favorable terms for any such opportunities, or successfully complete any such proposed transactions. If we are unable to identify attractive acquisition candidates or accretive new business opportunities, our growth could be limited.

Similarly, we may evaluate the potential disposition of, or elect to divest, assets or portfolios that no longer complement our long-term strategic objectives, as we did in November 2021, when we completed the spinoff of our LoyaltyOne segment. See also “ Risks Related to the LoyaltyOne Spinoff. ”

In addition, there are numerous risks associated with acquisitions, dispositions and the implementation of new business opportunities, including, but not limited to:

• the diversion of management’s attention from other business concerns;

• continued financial responsibility with respect to a divested business, including guarantees, indemnities or other financial obligations;

• the assumption of unknown liabilities of the acquired company;

• the uncertainty of achieving expected benefits of an acquisition or disposition, including revenue, human resources, technological or other cost savings, operating efficiencies or synergies;

• the inability to integrate systems, personnel or technologies from our acquisitions and strategic investments;

• unforeseen legal, regulatory or other challenges that we may not be able to manage effectively; and

• the reduction of cash available for operations, payment of dividends, stock repurchase programs or other uses and potentially dilutive issuances of equity securities or incurrence of additional debt.

Furthermore, if the operations of an acquired or new business do not meet expectations, our profitability may decline and we may seek to restructure the acquired business or to impair the value of some or all of the assets of the acquired or new business.

Tabl e of Contents

Competition in our industry is intense, and the markets for the services that we offer may contract or fail to expand, each of which could negatively impact our growth and profitability.

The markets for our products and services are highly competitive, and we expect this competition to intensify. Our growth and continued profitability depend on continued acceptance or adoption of the products and services we offer. We compete with a wide range of businesses, and some of our current competitors have longer operating histories, stronger brand names and greater financial, technical, marketing and other resources than we do. Moreover, the consumer credit and payments industry is highly competitive and we face an increasingly dynamic industry as emerging products, services and technologies, as well as new and non-traditional competitors, enter the marketplace. For a more detailed discussion regarding how we compete with respect to each of our product categories, as well as detail on emerging competitive trends, see “Item 1. Business—Competition” of this Form 10-K above. Additionally, downturns in the economy or the performance of our retail or other partners, including as a result of macroeconomic conditions, geopolitical events or global health events or other pandemic or endemic diseases, may result in a decrease in the demand for our products and services. Our ability to generate significant revenue from partners and customers will depend on our ability to differentiate ourselves through the products and services we provide and the attractiveness of our programs to consumers. If we are not able to differentiate our products and services from those of our competitors, drive value for our partners and their customers, or effectively and efficiently align our resources with our goals and objectives, we may not be able to compete effectively in the market. Any decrease in the demand for our products and services for the reasons discussed above or any other reasons could have a material adverse effect on our growth, revenue and operating results.

Our results of operations and growth depend on our ability to retain existing partners and attract new partners.

The majority of our revenue is generated from the credit products we provide to customers of our partners pursuant to program agreements that we enter into with our partners. As a result, our results of operations and growth depend on our ability to retain existing partners and attract new partners. Historically, there has been turnover in our partners, and we expect this will continue in the future. See also, “ A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue. ”

There is significant competition for our existing partners, and our failure to retain our existing larger partner relationships upon the expiration of a program agreement or our earlier loss of a relationship upon the exercise of a partner’s early termination rights, or the expiration or termination of a substantial number of smaller partner contracts or relationships, could have a material adverse effect on our results of operations (including growth rates) and financial condition to the extent we do not acquire new partners of similar size and profitability or otherwise grow our business. In addition, existing relationships may be renewed on less favorable terms to us in response to increased competition for such relationships. The competition for new partners is also significant, and our failure to attract new partners could adversely affect our ability to grow.

Our results depend, to a significant extent, on the active and effective promotion and support of our products by our brand partners.

Our partners generally accept most major credit cards and various other forms of payment; therefore our success depends, in part, on their active and effective promotion of our products to their customers. We depend on our partners to integrate the use of our credit products into their operations, including into their in-store and online shopping experiences and loyalty programs. We rely on our partners to train their sales and call center associates about our products and to have their associates encourage customers to apply for, and use, our products and otherwise effectively market our products. If our partners do not effectively promote and support our products, or if they make changes in their business models that negatively impact card usage, these actions could have a material adverse effect on our business and results of operations. Partners may also implement or fail to implement changes in their systems and technologies that may disrupt the integration between their systems and technologies and ours, any of which could disrupt the use of our products. In addition, if our partners engage in improper business practices, do not adhere to the terms of our program agreements or other contractual arrangements or standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products, which could have a material adverse effect on our business and results of operations.

Tabl e of Contents

Our results are impacted, to a significant extent, by the financial performance of our partners.

Our ability to originate new credit card accounts, generate new loans, and earn interest and fees and other income is dependent, in part, upon sales of merchandise and services by our partners and the use of our products by customers. The retail and other industries in which our partners operate are intensely competitive. Our partners’ sales may decrease or may not increase as we anticipate for various reasons, some of which are in the partners’ control and some of which are not. For example, partner sales have been, and in the future may be, adversely affected by pandemic or endemic diseases or other macroeconomic conditions having a national, regional or more local effect on consumer spending, business conditions affecting the general retail environment, such as supply chain distributions or the ability to maintain sufficient staffing levels or a particular partner or industry, or natural disasters or other catastrophes affecting broad or more discrete geographic areas. If our partners’ sales decline for any reason, it generally results in lower credit sales, and therefore lower loan volumes and associated interest and fees and other income for us from our customers. In addition, if a partner closes some or all of its stores or becomes subject to a voluntary or involuntary bankruptcy proceeding (or if there is a perception that such an event may occur), we may be adversely impacted in a number of different ways. In such circumstances, we may lose future credit sales and existing customers may have less incentive to pay their outstanding balances to us, which could result in higher charge-off rates than anticipated and our costs for servicing its customers’ accounts may increase. This risk is particularly acute with respect to our largest partners that account for a significant amount of our Total net interest and non-interest income. See “ A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue. ” Moreover, if the financial condition of a partner deteriorates significantly or a partner becomes subject to a bankruptcy proceeding, we may not be able to recover customer returns, customer payments made in partner stores or other amounts due to us from the partner. The impact of the bankruptcy of any particular brand partner on our business is difficult to predict; most recently, for example, our brand partner Saks Fifth Avenue filed for Chapter 11 bankruptcy protection in January 2026. A decrease in sales by our partners for any reason, or a bankruptcy proceeding involving any of them could have a material adverse impact on our business and results of operations.

We may not be successful in our efforts to promote usage of our DTC credit cards, or to effectively control the costs associated with such promotion, both of which may materially impact our profitability.

We have been investing in promoting the use of our DTC credit cards, including our Bread Cashback American Express Credit Card and our Bread Rewards American Express Credit Card, but there can be no assurance that our investments to acquire cardholders, provide differentiated features and services and increase the use of our DTC credit cards will be effective, particularly with increasing competition from other card issuers and fintechs, as well as changing consumer and business behaviors. In addition, if we develop new products or offers that attract customers looking for short-term incentives rather than incentivizing long-term loyalty, cardholder attrition and costs could increase. Moreover, we may not be able to cost-effectively manage and expand cardholder benefits, including controlling the growth of marketing, promotion, rewards and cardholder services expenses in the future.

Reductions in interchange fees, or changes in the laws and regulations governing such fees, could have various adverse impacts on our business and results of operations.

Interchange is a fee merchants pay to the payment networks in exchange for using the network’s infrastructure and payment facilitation, some of which is paid to credit card issuers. We earn interchange fees on co-brand and general purpose credit card transactions, but we typically do not charge or earn interchange fees from our partners or customers on our private label credit card products.

Certain merchants, in an effort to decrease their operating expenses, have with some success sought to lower interchange fees, including through litigation against the payment networks, promoting alternative payment platforms with lower processing costs and lobbying for legislative or regulatory changes. Several recent events and actions indicate a continuing focus on interchange by legislators, regulators and merchants. In 2023, for example, legislation was reintroduced in the U.S. House of Representatives and Senate, which, among other things, would require large issuing banks (over $100 billion) to offer a choice of at least two unaffiliated networks over which electronic transactions may be processed. At the state level, the Illinois legislature passed a bill that would prohibit the charging of interchange fees on sales tax and gratuities and restrict use of electronic payment transaction data except to facilitate or process the transaction or as required by law. This Illinois legislation is being challenged in federal court, and on February 10, 2026, the court issued a ruling denying a permanent injunction sought by the plaintiffs that would have enjoined the interchange fee provisions of the legislation, although the court did grant a permanent injunction with respect to the data use restrictions in the legislation.

Tabl e of Contents

The court’s ruling against the plaintiffs will be appealed. Unless the plaintiffs obtain a stay or injunction during the appeal process or the legislature otherwise intervenes, the prohibition on charging interchange fees on sales tax and gratuities in Illinois will become effective July 1, 2026. Similar legislation has been introduced in other states and, absent a successful legal challenge, these bills would have a number of adverse impacts on us, including negatively impacting our interchange revenue and creating operational challenges. In addition, in November 2025, a proposed settlement was announced in the long-standing Visa/Mastercard litigation, which began in 2005 when a class of merchant plaintiffs alleged that Visa and Mastercard, along with their member banks, engaged in anti-competitive practices by collectively setting excessive interchange fees and imposing other restrictive rules on merchants. The proposed settlement would, among other items, reduce interchange fees and give merchants greater choice in accepting credit cards in various categories, which could have various adverse impacts on our business, including reduced interchange revenue and decreased acceptance of certain of our cards by retailers. The proposed settlement remains subject to court approval, and we can provide no assurance with respect to the timing or outcome of the court approval process or the effects on us of the settlement if approved.

Furthermore, to the extent interchange fees are reduced, one of our current competitive advantages with our partners—that we typically do not charge interchange fees when our private label credit card products are used to purchase our partners’ goods and services—may be reduced. In addition, for our co-brand and general purpose credit cards, we are subject to the operating regulations and procedures set forth by the payment networks. Our failure to comply with these operating regulations, which may change from time to time, could subject us to various penalties or fees, or the termination of our license to use the applicable payment network, all of which could have a material adverse effect on our business and results of operations.

We may not be able to retain and/or attract and hire a highly qualified workforce or maintain our corporate culture, and having a large segment of our workforce periodically working from home may exacerbate these risks and cause new risks.

Our performance largely depends on the talents and efforts of our employees, particularly our key personnel and senior management. We may be unable to retain or to attract highly qualified employees. The market for key personnel is highly competitive, particularly in technology and other skill areas significant to our business. Failure to attract, hire, develop, motivate and retain highly qualified employee talent, or to maintain a corporate culture that fosters innovation, creativity and teamwork could harm our overall business and results of operations. We rely on key personnel to lead with integrity and decency. To the extent our leaders behave in a manner that is not consistent with our values and leadership behaviors, we could experience significant impacts to our brand and reputation, as well as to our corporate culture.

Moreover, in connection with the COVID-19 pandemic, we transitioned nearly all of our workforce to work remotely, and nearly all of our workforce continues to work on a hybrid office/remote schedule. Remote work by a majority of our employee population may impact our culture and employee engagement with our company, which could affect productivity and our ability to retain employees who are critical to our operations and may increase our costs and impact our results of operations. Moreover, work from home policies by other companies may create more job opportunities for employees and make it more difficult for us to attract and retain key talent, especially in light of changing worker expectations and talent marketplace variability regarding flexible work models. In addition, employees who work from home rely on residential communication networks and internet providers that may not be as resilient as commercial networks and providers, and therefore may be more susceptible to service interruptions and cyberattacks than commercial systems. Our business continuity and disaster recovery plans, which have been historically developed and tested with a focus on centralized delivery locations, may not work as effectively in a distributed work from home model, where weather impacts, network and power grid downtime may be difficult to manage. If we are unable to manage the work from home environment effectively to address these and other risks, our reputation and results of operations may be impacted.

Our operations and financial performance could be adversely affected by severe weather and natural disasters, as well as by climate change and ESG-related regulations and actions.

Severe weather events and natural disasters could have a material adverse effect on our financial position and results of operations, and the timing and effects of any such events cannot accurately be predicted. The frequency and severity of some types of weather events and natural disasters, including wildfires, tornadoes, severe storms and hurricanes, have increased in recent years, which further reduces our ability to predict their effects accurately. These such events could affect us directly (for example, by interrupting our systems, impacting the power grid, damaging our facilities or otherwise preventing us from conducting our business in the ordinary course) or indirectly (for example, by damaging or destroying brand partner businesses or customers’ homes, impacting our service providers or otherwise impairing customers’ ability to repay their loans). Many of our customers were affected by the particularly intense 2024 hurricane season in the U.S. As a

Tabl e of Contents

result of these hurricanes, we froze delinquency progression for cardholders in Federal Emergency Management Agency (FEMA) identified impact zones for one billing cycle, which resulted in modestly lower Net principal losses and Net principal loss rate in the fourth quarter of 2024, and consequently negatively impacted Net principal losses and the Net principal loss rate in the second quarter of 2025.

In addition, many governments, investors and other stakeholders have sought to accelerate actions to address climate change and other environmental, social and governance topics. This has led to new regulations and expectations, which may be conveyed to us in the form of stockholder proposals, public campaigns, proxy solicitations or otherwise, that may cause significant shifts in disclosure, commerce and consumption behaviors. Any of these developments may impact our operating costs and our business. For example, in March 2024, the SEC issued final rules relating to the disclosure of a range of climate-related risks and other information. Multiple lawsuits were filed against the SEC, and the SEC issued a voluntary stay of the rules, pending review by the U.S. Court of Appeals for the Eighth Circuit, where the litigation had been consolidated and is currently being held in abeyance until the SEC reconsiders the final rule or renews its defense. While it currently appears unlikely these rules will become effective as issued, to the extent such rules do become effective, we and/or our partners could incur increased costs related to the assessment and disclosure of climate-related information. Our failure to comply with these requirements, if adopted, or any future regulatory requirements or disclosure standards, may expose us to government enforcement actions or private litigation and otherwise damage our reputation, any of which could adversely impact our business.

Conversely, other stakeholders hold differing views on sustainability-related goals and initiatives. Certain state governments and activist groups, as well as the current Presidential Administration through a series of executive orders and other actions, have pursued measures that appear designed to discourage companies from engaging in ESG practices or adhering to certain ESG principles. The complex regulatory and legal frameworks applicable to such actions or measures continue to evolve. We cannot be certain of the impact of such regulatory, legal and other developments on our business.

These dynamic, and sometimes conflicting, circumstances may result in pressure from investors, unfavorable reputational impacts, including inaccurate perceptions or misrepresentation of our actual business practices, diversion of management’s attention and resources, potential proxy fights, and litigation or investigations initiated by government authorities or private actors alleging that our activities are anti-competitive, discriminatory or otherwise unlawful, among other adverse impacts. Any failure, or perceived failure, by us to adhere to our public statements, comply fully with developing interpretations of sustainability-related laws and regulations, or meet evolving and varied stakeholder expectations and standards could negatively impact our business, reputation, operating results and financial condition.

Our Board-approved sustainability strategy, which focuses on opportunities to create value for all our stakeholders, while advancing our long-term financial and reputational goals, is intended to drive additional progress on initiatives that promote sustainability, responsible business practices and increased transparency in our disclosures. We continue to advance the integration of sustainability into our overall governance and risk management practices. Statements in this and other filings we make with the SEC and other public statements, including in our annual sustainability reporting, related to these initiatives reflect our current plans and expectations and are not a guarantee that these initiatives will be achieved or achieved on the currently anticipated timeline. Our ability to execute on our sustainability strategy or achieve sustainability initiatives is subject to numerous factors and conditions, many of which are outside of our control.

Damage to our reputation could damage our business.

Maintaining a positive reputation is critical to attracting and retaining partners, customers, investors and employees. Damage to our reputation can therefore cause significant harm to our business and prospects. Harm to our reputation can arise from numerous sources, including, among others:

• employee misconduct;

• a breach of our or our service providers’ cybersecurity defenses;

• service outages;

• litigation or regulatory outcomes;

• stockholder activism;

• failing to deliver minimum standards of service and quality;

• compliance failures;

• the use of our, or our partners’ products to facilitate legal, but controversial, products and services; and

• the activities of customers, business partners and counterparties.

Tabl e of Contents

Social media also can cause harm to our reputation. By its very nature, social media can reach a wide audience in a very short amount of time, which presents unique challenges for corporate communications. Negative or otherwise undesirable publicity generated through unexpected social media coverage can damage our reputation and brand. Negative publicity regarding us, whether or not true, may result in customer attrition and other harm to our business prospects. There has also been increased focus on topics related to environmental, social and governance policies, and criticism of our policies in these areas could also harm our reputation and/or potentially limit our access to some forms of capital or liquidity.

Liquidity, Market and Credit Risks

Adverse financial market conditions or our inability to effectively manage our funding and liquidity risk could have a material adverse effect on our business, liquidity and ability to meet our debt service requirements and other obligations.

We need to effectively manage our funding and liquidity in order to meet our cash requirements such as day-to-day operating expenses, extensions of credit to our customers, investments to grow our business, payments of principal and interest on our borrowings and payments on our other obligations. Our primary sources of liquidity include cash generated from operating activities, our credit facility, issuances of senior unsecured, subordinated or convertible debt securities and preferred stock, financings through our securitization programs, and deposits with the Banks. If we do not have sufficient liquidity, we may not be able to meet our debt service requirements and other obligations, particularly during a liquidity stress event. If we maintain or are required to maintain too much liquidity, it could be costly and reduce our financial flexibility.

We will need additional financing in the future to repay or refinance our existing debt at maturity, or otherwise, and to fund our growth. As of the date of this Annual Report on Form 10-K, we had outstanding $500 million of 6.750% senior notes due in 2035 and $400 million of 8.375% subordinated notes due in 2035. The availability of additional financing will depend on a variety of factors such as financial market conditions generally, including the availability of credit to the financial services industry and our lender counterparties’ willingness to lend to us, consumers’ willingness to place money on deposit with us, our performance and credit ratings and the performance of our securitized portfolios. As an example of circumstances impacting our lenders’ willingness to lend, U.S. federal banking regulators proposed new rules in July 2023, commonly referred to as the Basel III “Endgame” or B3E, which would significantly revise the capital requirements applicable for large banking organizations with total assets of $100 billion or more. Following initial consultation, federal banking regulators are in the process of reproposing rules implementing B3E, targeting a new proposal in 2026 and phase-in several years later. The future of B3E implementation remains uncertain. While the proposed B3E rules would not directly apply to us because we are under the $100 billion asset threshold, most of our institutional lenders would be subject to the enhanced capital requirements under B3E, which could limit their lending capacity available to lend to us and other borrowers. Disruptions, uncertainty or volatility in the capital, credit or deposit markets, such as the uncertainty and volatility experienced in the capital and credit markets during recessions and periods of financial stress, may limit our ability to obtain additional financing or refinance maturing liabilities on desired terms (including funding costs) in a timely manner, or at all. As a result, we may be forced to delay obtaining funding or be forced to issue or raise funding on undesirable terms, which could significantly reduce our financial flexibility and cause us to contract or not grow our business, all of which could have a material adverse effect on our results of operations and financial condition.

The debt markets may be volatile for a number of reasons, including due to the interest rate environment, macroeconomic conditions and political events and uncertainties, and there can be no assurance that significant disruptions, uncertainties and volatility will not occur in the future. Specifically, availability of capital from the non-investment grade debt markets may be subject to significant volatility, and there can be no assurance that we will be able to access those markets at attractive rates, or at all. It is possible that we will be required to repay or refinance some or all of our maturing debt in volatile and/or unfavorable markets. If we are unable to continue to fund our business operations, access capital markets for debt refinancings and otherwise, and attract deposits on favorable terms and in a timely manner, or if we experience an increase in our borrowing costs or otherwise fail to manage our liquidity effectively, our results of operations and financial condition may be materially adversely affected.

If we are unable to securitize our credit card loans due to changes in the market or other circumstances or events, we may not be able to fund new credit card loans, which would have a material adverse effect on our operations and profitability.

A significant source of funding is our securitization of credit card loans, which involves the transfer of credit card loans to a trust, and the issuance by the trust of notes to third-party investors collateralized by the beneficial interest in the

Tabl e of Contents

transferred credit card loans. A number of factors affect our ability to fund our credit card loans in the securitization market, some of which are beyond our control, including:

• conditions in the securities markets in general and the asset-backed securitization market in particular;

• availability of loans for securitization;

• conformity in the quality of our credit card loans to rating agency requirements and changes in that quality or those requirements;

• costs of securitizing our credit card loans;

• ability to fund required over-collateralization or credit enhancements, which are routinely used to achieve better credit ratings to lower borrowing cost; and

• the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally.

Moreover, as a result of Basel III, which refers generally to a set of regulatory reforms adopted in the U.S. and internationally that are meant to address issues that arose in the banking sector during the 2008-2010 financial crisis, banks have become subject to more stringent capital, liquidity and leverage requirements. In response to Basel III, certain lenders of private placement commitments within our securitization trusts have sought and obtained amendments to their respective transaction documents permitting them to delay disbursement of funding increases by up to 35 days. Although funding may be requested from other lenders who have not delayed their funding, access to financing could be disrupted if all of the lenders implement such delays or if the lending capacities of those who did not do so were insufficient to make up the shortfall. Furthermore, if adopted in its current form, the B3E rules would generally require large U.S. banking organizations to maintain higher levels of capital than under the current Basel III requirements. These higher capital requirements could cause our institutional lenders to reduce their lending activities and increase our securitization trusts’ borrowing costs. For example, excess spread may be affected if a securitization trust’s borrowing costs increase as a result of the proposed B3E changes to existing capital requirements. Such cost increases may result, for example, because the investors are entitled to indemnification for increased costs resulting from such regulatory changes, such as increased capital requirements. The future of B3E implementation remains uncertain.

The inability to securitize credit card loans due to changes in the market, regulatory proposals, the unavailability of credit enhancements, or any other circumstance or event would have a material adverse effect on our operations, cost of funds and overall financial condition.

The occurrence of events that result in the early amortization of our existing credit card securitization transactions or an inability to delay the accumulation of principal collections for our existing credit card securitization transactions would materially adversely affect our liquidity.

Our liquidity and cost of funds would be materially adversely affected by the occurrence of events that could result in the early amortization of our existing credit card securitization transactions. Early amortization events may occur as a result of certain adverse events specified for each asset-backed securitization transaction, including, among others, deteriorating asset performance or material servicing defaults. In addition, certain series of funding securities issued by our securitization trusts are subject to early amortization based on triggers relating to the bankruptcy of one or more retailers or other partners. Deteriorating economic conditions and increased competition in the retail industry, among other factors, may lead to an increase in bankruptcies among retailers who have entered into credit card programs with us. The bankruptcy of one or more retailers or other partners could lead to a decline in the amount of new loans and could lead to increased delinquencies and defaults on the associated loans. Any of these effects of a partner bankruptcy could result in the commencement of an early amortization for one or more series of such funding securities, particularly if such an event were to occur with respect to a retailer or other partner relating to a large percentage of such securitization trust’s assets. The occurrence of an early amortization event may significantly limit our ability to securitize additional loans and materially adversely affect our liquidity.

Lower payment rates on our securitized credit card loans could materially adversely affect our liquidity and financial condition .

Certain collections from our securitized credit card loans come back to us through our subsidiaries, and we use these collections to fund the purchase of newly originated loans to collateralize our securitized financings. If payment rates on our securitized credit card loans are lower than they have historically been, fewer collections will be remitted to us on an ongoing basis. Further, certain series of our asset-backed securities include a requirement that we accumulate principal collections in a restricted account for a specified number of months prior to the applicable security’s maturity date. We are

Tabl e of Contents

required under the program documents to lengthen this accumulation period to the extent we expect the payment rates to be low enough that the current length of the accumulation period is inadequate to fully fund the restricted account by the applicable security’s maturity date. Lower payment rates, and in particular payment rates that are low enough that we are required to lengthen our accumulation periods, could materially adversely affect our liquidity and financial condition.

Inability to grow or maintain our deposit levels in the future could have a material adverse effect on our liquidity, ability to grow our business and profitability.

A significant source of our funding is through customer deposits, primarily in the form of certificates of deposit and other savings products. We obtain deposits directly from retail customers or through brokerage firms that offer our deposit products to their customers. In recent years, deposits have become an increasingly important source of funds for us, with, for example, our DTC deposits growing 11% from $7.7 billion as of December 31, 2024 to $8.5 billion as of December 31, 2025, and average DTC deposits representing 48% of our total funding sources, which is comprised of retail and wholesale deposits, and secured and unsecured borrowings. Our funding strategy includes continued growth of our liquidity through deposits. The deposit business continues to experience intense competition in attracting and retaining deposits. We compete on the basis of the rates we pay on deposits, the quality of our customer service and the competitiveness of our digital banking capabilities. Our ability to attract and maintain retail deposits remains highly dependent on the products we offer, the strength of our Banks, the reputability of our business practices and our financial health. Adverse perceptions regarding our lending practices, regulatory compliance, protection of customer information or sales and marketing practices, or actions taken by regulators or others with respect to our Banks, could impede our competitive position in the deposits market. Furthermore, the failures of other financial institutions (such as those of Silicon Valley Bank and Signature Bank in early 2023) or broader concerns about the financial services industry may cause deposit outflows as customers spread deposits among several different banks so as to maximize their amount of FDIC insurance, move deposits to banks deemed “too big to fail” or remove deposits from the banking system entirely.

The demand for the deposit products we offer may also be reduced due to a variety of factors, including macroeconomic events, changes in interest rates, changes in consumers’ preferences, demographics or discretionary income, regulatory actions that decrease consumer access to particular products or the development or availability of competing products. Competition from other financial services firms and others that use deposit funding products may affect deposit renewal rates, costs or availability. Conversely, any adjustments we make to the rates offered on our deposit products to remain competitive may adversely affect our liquidity or our profitability.

The FDIA prohibits an insured bank from offering interest rates on any deposits that significantly exceed rates in its prevailing market, unless it is “well capitalized.” A bank that is less than “well capitalized” may not pay an interest rate on any deposit in excess of 75 basis points over certain prevailing market rates. There are no such restrictions under the FDIA on a bank that is “well capitalized” and as of December 31, 2025, each of our Banks met or exceeded all applicable requirements to be deemed “well capitalized” for purposes of the FDIA. However, there can be no assurance that our Banks will continue to meet those requirements. Any limitation on the interest rates our Banks can pay on deposits may competitively disadvantage us in attracting and retaining deposits, resulting in a material adverse effect on our business.

The FDIA also prohibits an insured bank from accepting brokered deposits, unless it is “well capitalized” or it is “adequately capitalized” and receives a waiver from the FDIC. Limitations on our Banks’ ability to accept brokered deposits for any reason (including regulatory limitations on the volume of brokered deposits in total or as a percentage of total assets) in the future could materially adversely impact our liquidity, funding costs and profitability. In December 2020, the FDIC updated its regulations that implement Section 29 of the FDIA to establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits. This brokered deposit rule establishes bright-line standards for determining whether an entity meets the statutory definition of “deposit broker” and a consistent process for application of the primary purpose exception. All deposits on the Consolidated Balance Sheets of our Banks categorized as non-brokered in accordance with the current regulations mentioned above comply with all application requirements of those regulations. In the third quarter of 2024, the FDIC published in the Federal Register a proposed rule that, if finalized as proposed, would have expanded the scope of deposits that constitute “brokered deposits” and therefore could potentially have caused certain of our present or prospective deposits to be treated as brokered. The FDIC withdrew this proposed rule in March 2025.

As of December 31, 2025, we had $13.9 billion in deposits, with approximately $7.7 billion in non-maturity savings deposits and approximately $6.2 billion in certificates of deposit. If, for whatever reason, we are unable to grow or maintain our deposit levels, our liquidity, ability to grow our business and profitability could be materially adversely affected.

Tabl e of Contents

Our level of indebtedness could materially adversely affect our ability to generate sufficient cash to repay our outstanding debt, and our ability to react to changes in our business and our incurrence of additional indebtedness to fund future needs could exacerbate these risks.

Our level of indebtedness requires a high level of interest and principal payments. Subject to the limits contained in our credit agreement, the indenture governing our senior notes and our other debt instruments, we may be able to incur substantial additional indebtedness from time to time to finance working capital, capital expenditures, investments or acquisitions, or for other purposes. If we do so, the risks related to our level of indebtedness could intensify. Our level of indebtedness increases the possibility that we may be unable to generate cash sufficient to pay, when due, the principal of, interest on or other amounts due in respect of our indebtedness. Our level of indebtedness, combined with our other financial obligations and contractual commitments, could:

• make it more difficult for us to satisfy our obligations with respect to our indebtedness, and any failure to comply with the obligations under any of our debt instruments, including restrictive covenants, could result in an event of default under our credit agreement, the indenture governing our senior notes and the agreements governing our other indebtedness;

• require us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing funds available for working capital, capital expenditures, acquisitions or other new business and other corporate purposes;

• increase our vulnerability to adverse economic and industry conditions, which could place us at a competitive disadvantage or require us to dispose of assets to raise funds if needed for working capital or to pay, when due, the principal of, interest on or other amounts due in respect of our indebtedness;

• limit our flexibility in planning for, or reacting to, changes in our business and the industries in which we and our brand partners operate;

• limit our ability to borrow additional funds, or to dispose of assets to raise funds, if needed, for working capital, capital expenditures, acquisitions or other new business and other corporate purposes;

• delay or abandon investments and capital expenditures;

• cause any refinancing of our indebtedness to be at higher interest rates and require us to comply with more onerous covenants, which could further restrict our business operations; and

• prevent us from raising the funds necessary to repurchase all senior notes tendered to us upon the occurrence of certain changes of control.

Restrictions imposed by the indenture governing our senior notes, our credit agreement and our other outstanding or future indebtedness may limit our ability to operate our business and to finance our future operations or capital needs or to engage in other business activities.

The terms of the indenture governing our senior notes, our credit agreement and agreements governing our other debt instruments limit us and our subsidiaries from engaging in specified types of transactions. These covenants limit our and our subsidiaries’ ability, among other things, to:

• incur additional debt;

• declare or pay dividends, redeem stock or make other distributions to stockholders;

• make investments;

• create liens or use assets as security in other transactions;

• merge or consolidate, or sell, transfer, lease or dispose of substantially all of our assets;

• enter into transactions with affiliates;

• sell or transfer certain assets; and

• enter into any consensual encumbrance or restriction on the ability of certain of our subsidiaries to pay dividends or make loans or sell assets to us.

As a result of these covenants and restrictions, we may be limited in how we conduct our business, and we may be unable to raise additional indebtedness to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include more restrictive covenants. We cannot assure that we will be able to maintain compliance with these covenants in the future. If we fail to comply with such covenants, we may not be able to obtain waivers of non-compliance from the lenders and/or amend the covenants so that we are in compliance therewith.

Tabl e of Contents

Any reduction in our credit ratings could increase the cost of our funding from, and restrict our access to, the capital markets and have a material adverse effect on our results of operations and financial condition.

Ratings of our debt are based on a number of factors, including financial strength, as well as factors not within our control, including conditions affecting the financial services industry, and the macroeconomic environment. Our ratings or outlook could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely limit our access to the capital markets and adversely affect the cost and other terms upon which we are able to obtain funding. Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of our asset-backed securities, it could limit our ability to access the securitization markets. In addition, ratings issued by a ratings agency may differ as among different securities, and ratings issued for the same security may differ as among the different issuing ratings agencies.

Changes in market interest rates could negatively affect our profitability.

Changes in market interest rates cause our finance charges and our interest expense to increase or decrease, as certain of our assets and liabilities carry interest rates that fluctuate with market rates. We fund Credit card and other loans with a combination of fixed rate and floating rate funding sources that include deposits and securitized financings. We also have unsecured debt that is subject to variable interest rates, and we may in the future incur additional debt and/or issue preferred equity that may rely on variable interest rates.

The interest rate benchmark for most of our floating rate assets is the Prime rate, and the interest rate benchmark for our floating rate liabilities is generally either the Secured Overnight Financing Rate (SOFR) or the Federal funds rate. The Prime rate and SOFR or the Federal funds rate could reset at different times or could diverge, leading to mismatches in the interest rates on our floating rate assets and floating rate liabilities. Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions, the competitive environment within our markets, consumer preferences for specific loan and deposit products, and policies of various governmental and regulatory agencies, in particular the Federal Reserve. Changes in monetary policy, including changes in interest rates being applied by the Federal Reserve, could influence the amount of interest we receive on our Credit card and other loans and the amount of interest we pay on deposits and borrowings. As a result, the amount of interest we pay on our credit facilities may be difficult to predict.

If the interest we pay on deposits and other borrowings increases at a faster rate than the interest we receive on our Credit card and other loans, our profitability would be adversely affected. Conversely, our profitability could also be adversely affected if the interest we receive on our Credit card and other loans falls more quickly than the interest we pay on deposits and other borrowings.

Future sales of our common stock, or the perception that future sales could occur, may adversely affect our common stock price.

As of February 6, 2026, we had an aggregate of 149,509,403 shares of our common stock authorized but unissued and not reserved for specific purposes. In general, we may issue all of these shares without any action or approval by our stockholders. We have reserved 8,320,451 shares of our common stock for issuance under our employee stock purchase plan and our long-term incentive plans, of which 1,052,261 shares have been issued and 2,696,814 shares are issuable upon vesting of restricted stock awards and restricted stock units. We have reserved for issuance 1,500,000 shares of our common stock, 107,291 of which remain issuable, under our 401(k) Plan as of December 31, 2025. In addition, we may issue shares of our common stock in connection with acquisitions. Sales or issuances of a substantial number of shares of common stock, or the perception that such transactions could occur, could adversely affect prevailing market prices of our common stock, and any sale or issuance of our common stock will dilute the ownership interests of existing stockholders.

The market price and trading volume of our common stock may be volatile and our stock price could decline.

The trading price of shares of our common stock has from time to time fluctuated widely and, in the future, may be subject to similar fluctuations. The trading price of our common stock may be affected by a number of factors, including our operating results, changes in our earnings estimates, additions or departures of key personnel, our financial condition, legislative, executive and regulatory changes, monetary and fiscal policy, general conditions in the industries in which we and our brand partners operate, general economic conditions, and general conditions in the securities markets. Other risks described in this Annual Report on Form 10-K could also materially adversely affect our share price.

Tabl e of Contents

There is no guarantee that we will pay future dividends or repurchase shares of our stock at a level anticipated by stockholders, which could reduce returns to our stockholders. Decisions to declare future dividends on or repurchase our stock will be at the discretion of our Board of Directors based upon a review of relevant considerations and restrictions imposed by the terms of our outstanding preferred stock.

Since October 2016, our Board of Directors has declared quarterly cash dividend payments on our outstanding common stock. We issued our inaugural series of publicly-traded preferred stock in November 2025, and we expect to pay our first quarterly dividend payment on our preferred stock in March 2026. Future declarations of quarterly dividends and the establishment of future record and payment dates on our common and preferred stock are subject to approval by our Board of Directors. The Board’s determination to declare dividends on, or repurchase shares of, our stock will depend upon our profitability and financial condition, contractual restrictions, restrictions imposed by applicable laws and regulations, including those governing our Banks’ ability to pay dividends and make distributions or other payments to us, and other factors that the Board of Directors deems relevant. Based on an evaluation of these factors, the Board of Directors may determine in the future not to declare dividends at all, to declare dividends at a reduced amount, not to repurchase shares or to repurchase shares at reduced levels compared to historical levels, any or all of which could reduce returns to our stockholders. Further, under the terms of our outstanding preferred stock, our ability to declare, pay or set aside any payment for dividend or distribution on our common stock, or repurchase, redeem or otherwise acquire for consideration, directly or indirectly, any shares of our common stock, is subject to restrictions in the event that we do not declare and either pay or set aside a sum sufficient for payment of dividends on our preferred stock for the immediately preceding dividend period.

In preparing our financial statements we make certain assumptions, judgments and estimates that affect amounts reported in our audited Consolidated Financial Statements, which, if not accurate, may significantly impact our financial results.

We make assumptions, judgments and estimates in determining the Allowance for credit losses, accruals for employee-related liabilities, accruals for uncertain tax positions, valuation allowances on deferred tax assets and legal contingencies. We also make assumptions, judgments and estimates for items such as the fair value of financial instruments, any impairment of goodwill, long-lived assets and other prepaid or intangible assets, the fair value of stock awards, as well as the recognition of revenue. These assumptions, judgments and estimates are drawn from historical experience and various other factors that we believe are reasonable under the circumstances as of the date of the audited Consolidated Financial Statements. Actual results could differ materially from our estimates as a result of adverse impacts from various factors, including regulatory or legislative changes, unexpected developments in legal contingencies, or if future macroeconomic conditions or future operating results differ significantly from our current assumptions, and such differences could significantly impact our financial results.

Legal, Regulatory and Compliance Risks

Our business is subject to extensive and evolving government regulation and supervision, which could materially adversely affect our results of operations and financial condition.

We, primarily through our Banks and certain non-bank subsidiaries, are subject to extensive federal and state regulation, supervision and examination by regulators, including the FDIC, the Delaware Office of the State Bank Commissioner, the Utah Department of Financial Institutions, and the CFPB. Banking and consumer financial protection laws and regulations are intended to protect consumers, depositors’ funds, the DIF, and the safety and soundness of the banking system as a whole, not stockholders and non-deposit creditors. These laws and regulations affect our lending practices, capital structure, investment practices, dividend policy and growth, among other things. Federal and state legislative bodies and regulatory agencies continually review banking laws, regulations and policies for possible changes. Compliance with laws and regulations can be difficult and costly, and changes to laws and regulations, as well as increased intensity in supervision, often impose additional compliance costs. The scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years, initially in response to the 2008-2010 financial crisis, and more recently in light of other factors such as technological and market changes and the high-profile bank failures in the first half of 2023. We believe that regulatory enforcement and fines have also increased across the banking and financial services sector.

Further, while the current Presidential Administration and the congressional majorities in the U.S. Senate and House of Representatives have supported reducing the regulatory burden, the scope of legislation, executive action and regulation and the intensity of supervision will likely remain uncertain in the current regulatory and political environments at both the

Tabl e of Contents

federal and state levels, including with respect to late fees and credit card interest rates. Moreover, in certain cases, uncertainty at the federal level has prompted a rise in state lawmakers, regulators and attorneys general taking more active roles in consumer finance regulation and enforcement, potentially creating a complex regulatory patchwork in areas such as interchange fees, credit card reward programs and other matters. Such changes could subject us to additional costs, limit the types of financial services and products we may offer, and/or limit what we may charge for certain banking services, among other things.

Examples of federal and state legislation that we track include legislation intended to place caps on the interest rates that we and other financial institutions are permitted to charge. For instance, in 2023, Colorado passed a law (initially scheduled to be effective July 2024) to “opt out” of the national standard interest rate for interstate loans by state-chartered banks as provided by federal law in the Depository Institutions Deregulation and Monetary Control Act (DIDMCA). By opting out of DIDMCA, Colorado would have the ability to regulate and limit interest rates on loans “made in” Colorado, and the Colorado law would generally cap interest rates at 21% and late fees at $15 with a 10-day grace period. In June 2024, the U.S. District Court for the District of Colorado preliminarily enjoined Colorado from enforcing the interest rates in the Colorado Uniform Consumer Credit Code with respect to any loan made by the plaintiffs’ members to the extent the loan is not made by a lender in Colorado and the applicable interest rate in 12 U.S.C. 1831d(a) exceeds the rate that would otherwise be permitted. In November 2025, the U.S. Court of Appeals for the Tenth Circuit reversed the District Court’s preliminary injunction, concluding that “made in” encompasses loans in which either the lender or the borrower is located in Colorado, meaning that Colorado could impose interest-rate caps on loans made by out-of-state banks to Colorado borrowers. The plaintiffs in the litigation (who are opposing the Colorado law) are challenging this ruling.

Legislatures in other states have proposed similar laws in the past and may again in the future. We cannot provide any assurance as to the final outcome of this or other similar proposed or future legislation in other states, any of which would have an adverse effect on our business and results of operations. While still subject to potential reversal, the recent Tenth Circuit decision could also encourage other states to adopt similar legislation. In addition, President Trump and various federal legislators have also made public statements regarding potential efforts to place caps on credit card interest rates, and a bill was introduced in the U.S. Senate in February 2025 proposing to cap credit card interest rates at 10% for a period of five years. Most recently, in January 2026, President Trump made public statements on social media and elsewhere in support of placing a cap of 10% on credit card interest rates for a one-year period. The likelihood of any such cap being effectuated in any new executive action, legislation or regulation remains uncertain, but any such cap on interest rates would significantly limit our ability to extend credit to certain of our customers and would have a material adverse effect on our business, results of operations and financial condition.

In connection with their continuous supervision and examinations of us, the FDIC, CFPB and/or other regulatory agencies may require changes in our business or operations. Any such changes may be judicially enforceable and in some cases, regardless of fault, it may be less time-consuming or costly to settle these matters, which may require us to implement certain changes to our business practices, provide remediation to certain individuals or make a settlement payment to a given party or regulatory body. We may also become subject to formal or informal enforcement and other supervisory actions, including memoranda of understanding, written agreements, cease-and-desist orders, and prompt-corrective-action or safety-and-soundness directives. For example, in late November 2023, the FDIC issued a consent order to one of our subsidiaries, Comenity Servicing LLC, arising out of the June 2022 transition of our credit card processing services to strategic outsourcing partners, and in August 2024 each of our Banks entered into an agreement with the FDIC to pay civil money penalties (CMPs) of $1 million per Bank, also related to the June 2022 transition. For additional information regarding this consent order, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) — Legislative, Regulatory Matters and Capital Adequacy.” Regulatory authorities have extensive discretion in their supervisory and enforcement actions. Supervisory actions could entail significant restrictions on our existing business, our ability to develop new business, our flexibility in conducting operations, and our ability to pay dividends or utilize capital. Enforcement and other supervisory actions also can result in the imposition of civil monetary penalties or injunctions, related litigation by private plaintiffs, damage to our reputation, and a loss of customer or investor confidence. We could be required, as well, to dispose of specified assets and liabilities within a prescribed time-frame. As a result, any enforcement or other supervisory action could have an adverse effect on our business, results of operations, financial condition and prospects.

In addition, changes in the regulatory and supervisory environments could adversely affect us in substantial and unpredictable ways, including by limiting the types of financial services and products we may offer, enhancing the ability of others to offer more competitive financial services and products, restricting our ability to make acquisitions or pursue other profitable opportunities, and negatively impacting our results of operations and financial condition. Changes in the

Tabl e of Contents

prevailing interpretations of federal or state laws and related regulations could also invalidate or call into question the legality of certain of our services and business practices.

Our failure to comply with the laws, executive actions, regulations, and supervisory actions to which we are subject, even if the failure is inadvertent or reflects a difference in interpretation, could subject us to fines, other penalties, and restrictions on our business activities, any of which could adversely affect our business, results of operations, financial condition, cash flows, capital base, and the price of our securities.

See “Item 1. Business — Supervision and Regulation” for more information about certain laws and regulations to which we are subject and their impacts on us.

Litigation and other actions and disputes could subject us to significant fines, penalties, judgments and/or requirements resulting in significantly increased expenses, damage to our reputation and/or a material adverse effect on our business.

Businesses in the financial services and payments industry have historically been, and continue to be, subject to significant legal actions, including class action lawsuits. Many of these actions have included claims for substantial compensatory or punitive damages; for example, in November 2025, a jury found that we should be required to pay punitive damages in an action against us under the Fair Credit Reporting Act (FCRA), with the punitive damages amount far exceeding the actual damages awarded the plaintiff; provided that the amount of any punitive damages in this case remains subject to determination by the trial court judge.. While we have historically relied on our arbitration clause (which includes a class action waiver) in agreements with customers to limit our exposure to class action litigation, there can be no assurance that we will always be successful in enforcing our arbitration clause in the future. For instance, a plaintiff might prove that she/he did not accept our account terms and conditions (e.g., in an identity theft claim under the FCRA or in a claim under the Military Lending Act, which prohibits an arbitration requirement). There may also be legislative, regulatory or other efforts to limit or eliminate the use of arbitration clauses or class action waivers, and if our arbitration provisions are found to be unenforceable or are otherwise limited or eliminated, our exposure to class action litigation could increase significantly. Further, e ven if our arbitration clause remains enforceable, we may be subject to mass arbitrations in which large groups of consumers bring arbitrations against us simultaneously. Given the inherent uncertainties involved in litigation, and the very large or indeterminate damages sought in some matters asserted against us, there is significant uncertainty as to the ultimate liability we may incur from litigation. Claims and legal actions could involve significant defense costs and reputational damage, and the time-consuming nature of legal proceedings can divert senior management attention from the business. For additional detail regarding the litigation matters filed against us in connection with our spinoff of LVI in 2021, see “ Risk Factors—Risks Related to the LoyaltyOne Spinoff” and Note 20, “Commitments and Contingencies” to our audited Consolidated Financial Statements.

In addition to litigation and regulatory matters, from time to time, through our operational and compliance controls, we identify compliance issues that require us to make operational changes and, depending on the nature of the issue, result in financial remediation to impacted cardholders. These self-identified issues and voluntary remediation payments could be significant depending on the issue and the number of cardholders impacted. They also could generate litigation or regulatory investigations that subject us to additional adverse effects on our business, results of operations and financial condition.

Our Banks are subject to extensive federal and state regulation that may restrict their ability to make cash available to us and may require us to make capital contributions to them.

Although not a bank holding company as defined under the BHC Act, Bread Financial Holdings, Inc. is our parent holding company and, as such, depends on dividends, distributions and other payments from subsidiaries, particularly our Banks, to fund dividend payments, any potential share repurchases, payment obligations, including debt obligations, and to provide funding and capital, as needed, to our other operating subsidiaries. Federal and state laws and regulations extensively regulate the operations of our Banks, including to limit the ability of the Banks to pay dividends or make other distributions to us. Many of these laws and regulations are intended to maintain the safety and soundness of our Banks, and they impose significant restraints on them to which other non-regulated entities are not subject.

Our Banks must maintain minimum amounts of regulatory capital. If the Banks do not meet these capital requirements, their respective regulators have broad discretion to institute a number of corrective actions that could have a direct material effect on our liquidity, ability to grow our business and financial condition. To pay any dividend, the Banks must each maintain adequate capital above regulatory guidelines. Accordingly, neither CB nor CCB may be able to make any of their cash or other assets available to us, including to service our indebtedness. If either of our Banks were to fail to meet any of

Tabl e of Contents

the capital requirements to which it is subject, we may be required to provide them with additional capital, which could also impair our ability to fund dividend payments, any potential share repurchases and our payment obligations, including servicing our indebtedness.

In addition, under the “Source of Strength” doctrine, we are required to serve as a source of financial strength to our Banks and may not conduct our operations in an unsafe or unsound manner. Under these requirements, in the future, we could be required to provide financial assistance to our Banks if the Banks experience financial distress. This support may be required at times when we might otherwise have determined not to provide it or when doing so is not otherwise in our interests or the interests of our stockholders or creditors.

If legislative attempts to amend the BHC Act to eliminate the exclusion of credit card banks or industrial loan companies from the definition of “bank” are successful, or if we voluntarily take such action that results in the Parent Company becoming a federally-regulated BHC, we would become subject to additional regulation applicable to BHCs, which could increase our compliance and regulatory costs and have other effects that could be materially adverse to our business.

Legislation is periodically introduced that would eliminate the exception for industrial loan companies and other “non-bank banks” from the definition of “bank” in the BHC Act. If such legislation were enacted without any grandfathering of or accommodations for existing institutions, we could be required to become a BHC.

If we were required to become a BHC, or if we voluntarily take such action that results in the Parent Company becoming a federally-regulated BHC, we and our non-bank subsidiaries would be subject to supervision, regulation and examination by the FRB. We would be required to provide annual reports and such additional information as the FRB may require pursuant to the BHC Act, and applicable regulations. In addition, we would be subject to consolidated regulatory capital requirements.

Pursuant to provisions of the BHC Act and regulations promulgated by the FRB thereunder, a BHC may only engage in, or own companies that engage in, activities deemed by the FRB to be permissible for BHCs. Activities permissible for BHCs are those that are so closely related to the business of banking or managing or controlling banks as to be a proper incident thereto. If a BHC and its subsidiary insured depository institutions are well capitalized, well managed, and have satisfactory CRA ratings, it may submit an election to the FRB to become an FHC. Permissible activities for FHCs include those “so closely related to banking as to be a proper incident thereto” as well as certain additional activities deemed “financial in nature or incidental to such financial activity” or complementary to a financial activity and that do not pose a substantial risk to the safety and soundness of the depository institution or the financial system. If we were required to become a BHC, we may be required to modify or discontinue certain of our business activities, which may materially adversely affect our results of operations and financial condition.

We may not realize the expected benefits of the pending merger of our subsidiary Banks.

Realization of the potential benefits contemplated by the planned internal merger of CCB and CB, with CCB as the surviving entity, depend on a number of factors, including regulatory approval of state and federal banking agencies, as well as our ability to timely and successfully integrate the operations of the merging subsidiaries into a single bank operation. As a result, we may not be successful in realizing the expected operational and financial benefits of the pending merger of our subsidiary Banks, and we may experience other adverse consequences, including the diversion of management’s attention from other business concerns and unforeseen legal, regulatory or other challenges that we may not be able to manage effectively.

Increases in FDIC insurance premiums may have a material adverse effect on our results of operations.

We are generally unable to control the amount of premiums that are required to be paid for FDIC insurance. If there are bank or financial institution failures, or changes in the method for calculating premiums, we may be required to pay significantly higher premiums than the levels currently imposed or additional special assessments or taxes that could adversely affect our earnings. Any future increases or required prepayments in FDIC insurance premiums may materially adversely affect our results of operations.

Tabl e of Contents

Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss.

The Bank Secrecy Act and the USA PATRIOT Act contain anti-money laundering and financial transparency provisions intended to detect and prevent the use of the U.S. financial system for money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the USA PATRIOT Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of partners and customers, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. The Financial Crimes Enforcement Network (FinCEN), a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the Federal Banking Agencies , as well as the U.S. Department of Justice, Drug Enforcement Administration, and Internal Revenue Service (IRS). We are also subject to scrutiny of compliance with the rules enforced by the OFAC, which may require sanctions for dealing with certain persons or countries. We cannot provide assurance that our programs and controls will be effective to ensure our compliance with all applicable anti-money laundering and anti-terrorism financing laws and regulations, and our failure to comply could subject us to significant sanctions, fines, penalties and reputational harm, all of which could have a material adverse effect on our business, results of operations and financial condition.

Regulation in the areas of privacy, data protection, data governance, and cyber security could increase our costs and affect or limit our business opportunities and how we collect and/or use Personal Information, and any actual or perceived failure to comply with any of these new or existing laws could adversely affect our business, results of operations, or financial condition.

In connection with running our business, we receive, store, use and otherwise process information that relates to individuals and/or constitutes “personal data,” “personal information,” “personally identifiable information,” “nonpublic personal information” or similar terms under applicable data privacy laws (collectively, Personal Information), including from and about actual and prospective customers, as well as our employees and business contacts. We are therefore subject to a variety of federal and state laws, regulations and other requirements relating to the privacy, security and handling of Personal Information. For example, the CCPA and related laws in other jurisdictions require us, among other requirements, to adhere to certain disclosure restrictions and deletion obligations with respect to the Personal Information of their residents, and allow for penalties for violations and, in some cases, a private right of action. The GLBA includes both a “Privacy Rule,” which imposes obligations on financial institutions relating to the use or disclosure of nonpublic personal information, and a “Safeguards Rule,” which imposes obligations on financial institutions to implement and maintain physical, administrative and technological measures to protect the security of non-public personal financial information. Failure to comply with the GLBA could result in enforcement actions. These laws also impose transparency and other obligations with respect to Personal Information and provide individuals with rights with respect to their Personal Information.

Legislators and regulators in the United States are increasingly adopting or revising privacy, data protection, data governance, account access, and information and cyber security laws. As such laws are interpreted and applied (in some cases, with significant differences or conflicting requirements across jurisdictions), compliance and technology costs will continue to increase, particularly in the context of ensuring that adequate data governance, data protection, data transfer and account access mechanisms are in place.

Compliance with current or future privacy, data protection, data governance, account access, and information and cyber security laws could significantly impact our collection, use, sharing, retention and safeguarding of Personal Information and could restrict our ability to provide certain products and services, which could materially and adversely affect our profitability. In addition, any failure or perceived failure to comply with such laws, regulations and other requirements relating to the privacy, security and handling of information could result in potentially significant regulatory and/or governmental investigations and/or claims, actions or litigation (including class actions). We could incur significant costs in investigating and defending such claims and, if found liable, pay significant damages or fines, be required to change our business, or face sanctions or ongoing regulatory monitoring. These proceedings and any subsequent adverse outcomes could subject us to significant customer attrition, decreases in the use or acceptance of our cards and damage to our reputation and our brand. If any of these events were to occur, our business, results of operations, and financial condition could be materially adversely affected.

Tabl e of Contents

For more information on regulatory and legislative activity in this area, see “Item 1. Business — Privacy, Information Security and Data Protection.”

Our failure to protect our intellectual property rights and use of open source software may harm our competitive position, and litigation to protect our intellectual property rights or defend against third-party allegations of infringement may be costly, any of which could negatively impact our business, results of operations and profitability.

Third parties may infringe or misappropriate our trademarks or other intellectual property rights, which could adversely impact our business, operating results or financial condition. The actions we take to protect our patents, copyrights, trademarks and other proprietary rights may not be adequate. Litigation may be necessary to enforce our intellectual property rights, protect our patents, copyrights, trademarks or trade secrets or determine the validity and scope of the proprietary rights of others. Any infringement or misappropriation could harm any competitive advantage we currently derive or may derive from our intellectual property or other proprietary rights. Third parties may also assert infringement claims against us. Any claims and an adverse determination in any resulting litigation could subject us to significant liability for damages and require us to either design around a third-party’s intellectual property or license alternative technology from another party. Moreover, it has become common in recent years for individuals and groups to purchase intellectual property assets for the sole purpose of making claims of infringement and attempting to extract settlements from companies like ours. Even in instances where we believe that claims and allegations of intellectual property infringement against us are without merit, litigation is time consuming and expensive to defend and could result in the diversion of our time and resources. Further, our competitors or other third parties may independently design around or develop similar technology, or otherwise duplicate our services or products in a way that would preclude us from asserting our intellectual property rights against them. In addition, our contractual arrangements may not effectively prevent disclosure of our intellectual property or confidential and proprietary information or provide an adequate remedy in the event of an unauthorized disclosure.

Our platform utilizes software covered by open source licenses. The use of open source software involves a number of risks, many of which cannot be eliminated and could negatively affect our business. For example, United States courts have not interpreted the terms of various open source licenses and there is a risk that some open source licenses to which we are subject could be interpreted in a manner that could impose unanticipated conditions or restrictions on our ability to use or to commercialize our platform. By the terms of certain open source licenses, if we combine our proprietary software with open source software in a certain manner, we could be required to, under certain circumstances, release the source code of our proprietary software and to make our proprietary software available under open source licenses.

We may face claims alleging noncompliance with open source licenses or misappropriation, infringement, or other violation of third-party rights resulting from our use of open source software. These claims could result in litigation, damage our reputation in the open-source community, or require us to purchase costly software licenses, devote additional research or development resources to reengineer our platform, discontinue use of our platform if reengineering could not be accomplished on a timely or cost-effective basis, and/or make the source code of our proprietary software generally available, any of which could result in liability to us and negatively impact our business, results of operations, profitability and financial condition. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software because open source software licensors generally do not provide any warranties or other contractual protections for the open source software, including contractual protections regarding infringement, misappropriation, security vulnerabilities, or defects or errors in the code, any of which could result in liability to us and negatively impact our business, results of operations, profitability and financial condition.

We have international operations that subject us to various international risks as well as increased compliance and regulatory risks and costs.

We have international operations, primarily in India, and some of our third-party service providers provide services to us from other countries, all of which subject us to a number of international risks, including, among other things, sovereign volatility and sociopolitical instability. In recent years, we have taken initiatives to move a greater percentage of our call center and servicing personnel offshore, which may increase our reliance on these international operations and the risk associated therewith. Any future social or political instability in the countries in which we operate could have a material adverse effect on our business. U.S. regulations also govern various aspects of the international activities of domestic corporations and increase our compliance and regulatory risks and costs. Any failure on our part or the part of our service providers to comply with applicable U.S. regulations, as well as the regulations in the countries and markets in which we or they operate, could result in fines, penalties, injunctions or other similar restrictions, any of which could have a material adverse effect on our business, results of operations and financial condition.

Tabl e of Contents

Tax legislation initiatives or challenges to our tax positions could adversely affect our results of operations and financial condition .

We are subject to tax laws and regulations in U.S. federal, state, local and foreign jurisdictions. From time to time legislative initiatives may be proposed, which, if enacted, may impact our effective tax rate and could adversely affect our deferred tax assets, tax positions and/or our tax liabilities. In addition, U.S. federal, state, local, and foreign tax laws and regulations are extremely complex and subject to varying interpretations. There can be no assurance that our historical tax positions will not be challenged by the relevant taxing authorities, or that we would be successful in defending our positions in connection with any such challenge.

Anti-takeover provisions in our organizational documents and Delaware law may discourage or prevent a change of control, even if an acquisition would be beneficial to our stockholders, which could affect our stock price adversely and prevent or delay change of control transactions or attempts by our stockholders to replace or remove our current management.

Delaware law, as well as provisions of our certificate of incorporation, including those relating to our Board’s authority to issue series of preferred stock without further stockholder approval, our bylaws and our existing and future debt instruments, could discourage unsolicited proposals to acquire us, even though such proposals may be beneficial to our stockholders.

In addition, we are subject to the provisions of Section 203 of the Delaware General Corporation Law, which may prohibit certain business combinations with stockholders owning 15% or more of our outstanding voting stock. These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for stockholders or potential acquirers to obtain control of our Board of Directors or initiate actions that are opposed by our then-current Board of Directors, including a merger, tender offer or proxy contest involving us. Any delay or prevention of a change of control transaction or changes in our Board of Directors could cause the market price of our common stock to decline or delay or prevent our stockholders from receiving a premium over the market price of our common stock that they might otherwise receive.

Cybersecurity, Technology and Vendor Risks

We rely on third-party vendors to provide various products and services that are important to our operations, and our business could be adversely impacted if our vendors fail to fulfill their obligations.

Some services important to our business are outsourced to third-party vendors, and we contract with numerous other third-party vendors for a range of products and services. The inability or failure of these vendors to deliver products and services at contracted service levels or standards and in a timely manner could adversely affect our business. In addition, if a third-party vendor fails to meet other contractual requirements, such as compliance with applicable laws and regulations, or suffers a cyberattack or other security breach, our business operations could suffer economic or reputational harm that could have a material adverse impact on our business and results of operations. Further, if our significant vendors are unable or unwilling to fulfill or renew our existing contracts on current terms, we might not be able to replace the related product or service at the same cost, in a timely fashion, or at all, any of which could negatively impact our profitability, business and operations, in some cases materially.

If we, our third-party providers, or brand partners fail to safeguard our confidential information and/or experience a data security incident, there may be damage to our brand and reputation, material financial penalties and legal claims, which could materially adversely affect our business, results of operations, and financial condition.

We rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business (collectively, IT Systems). We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services, including but not limited to cloud computing services. We and certain of our third-party providers collect, maintain and process data about customers, employees, business partners, brand partners, and others, including Personal Information, as well as proprietary information belonging to our business such as trade secrets (collectively, Confidential Information).

Information security risks for large financial institutions have increased with the adoption of new technologies to conduct financial and other business transactions, including those used on mobile devices, and the increased sophistication and

Tabl e of Contents

activity level of threat actors. These threat actors employ advanced techniques and tools, including AI, to circumvent security controls, evade detection and remove forensic evidence. Consequently, we may face challenges in detecting, investigating, remediating or recovering from future attacks or incidents, which could lead to a material adverse impact on our IT Systems, Confidential Information or business. There can also be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our IT Systems and Confidential Information. Furthermore, given the nature of complex systems, software and services like ours, and the scanning tools that we deploy across our networks and products, we regularly identify and track security vulnerabilities. We are unable to comprehensively apply patches or confirm that measures are in place to mitigate all such vulnerabilities, or that patches will be applied before vulnerabilities are exploited by a threat actor.

We and certain of our third-party providers have in the past been, and in the future may be, subject to cyberattacks and we expect such attacks and incidents to continue in varying degrees. For example, we have suffered cyberattacks relating to unauthorized access to customer accounts, and in such instances, we have notified impacted customers and regulators as required by law. While to date no incidents have had a material impact on our operations or financial results, we cannot guarantee that material incidents will not occur in the future.

In such instances of an adverse impact on our IT Systems or Confidential Information, we may have data loss that could harm our customers and brand partners. This in turn could lead to reputational risk as concerns with security and privacy of data may result in consumers and future and existing brand partners not wanting to use our product offerings. We also have arrangements in place with our partners and other third parties through which we share and receive Confidential Information about their customers who are or may become our customers, which magnifies certain information security issues. The use of our products and services could decline if any compromise of physical or cyber security occurred. In addition, any unauthorized release of Confidential Information or any public perception that we released Confidential Information without authorization, could subject us to legal claims (including class actions) from our partners or their customers, consumers or regulatory enforcement actions (including fines and penalties), which may adversely affect our partner relationships and result in damage to our reputation and our brand, and/or cause us to incur significant incident response, system restoration or remediation and future compliance costs. Any or all of the foregoing could materially adversely affect our business, results of operations, and financial condition. We cannot be certain that our cybersecurity insurance coverage will be adequate for cybersecurity liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that our insurer will not deny coverage as to any future claim.

Business interruptions, including loss of data center capacity, interruption due to cyber-attacks, loss of network connectivity or inability to utilize proprietary software of third-party vendors, could affect our ability to timely meet the needs of our partners and customers and harm our business.

We face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of our IT Systems and Confidential Information. Our ability, and that of our third-party service providers and brand partners, to protect our IT Systems and Confidential Information against damage, loss or performance degradation from power loss, network failure, cyber-attacks, including ransomware or denial of service attacks, social engineering/phishing, use of AI technologies by bad actors, deepfakes, insider threats, state-sponsored threats, hardware and software defects or malfunctions, human error, computer viruses or other malware, misconfigurations, bugs or other vulnerabilities, malicious code embedded in open-source software, disruptions in telecommunications services, fraud, fires and other disasters and other events, is critical. Because the tactics, techniques and procedures used to obtain unauthorized access, or to disable or degrade systems, change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. For example, cybercriminals have increasingly demonstrated advanced capabilities, such as use of zero-day vulnerabilities, and rapid integration of new technology such as GenAI are being used by threat actors to create sophisticated attacks that are increasingly automated, targeted and more difficult to defend against.

To provide many of our services, we must be able to store, retrieve, process and manage large amounts of data, as well as periodically expand and upgrade our IT Systems. Any damage to our IT Systems, including those of our third-party service providers or brand partners, any failure of our network links that interrupts our operations or any impairment of our ability to use our software or the proprietary software of third-party vendors, including impairments due to cyber-attacks, or our inability to execute effective disaster recovery plans could adversely affect our ability to meet our partners’ and customers’ needs and their confidence in utilizing us for future services, as well as other adverse impacts to our business, results of operations, and financial condition. Moreover, due to the interconnectivity and complexity of information systems and their reliance on common systems, software and vendors, disruptions or degradations have had, and will likely continue to have,

Tabl e of Contents

wide-reaching consequences, including the potential to disrupt the overall financial system and other key systems in the global economy.

If we are not able to invest successfully in, and compete at the leading edge of, technological developments in our industry, our revenue and profitability could be materially adversely affected. Moreover, technology transformation projects are complex undertakings, which may result in unanticipated consequences that may adversely impact our business, results of operations, reputation and brand.

Our industry is subject to rapid and significant technological changes. In order to compete in our industry, we need to continue to invest in advanced digital and other technology across all areas of our business, including in access management, vulnerability management, transaction processing, data management and analytics, AI technology, customer interactions and communications, alternative payment and financing mechanisms, authentication technologies and digital identification, tokenization, real-time settlement, and risk management and compliance systems. Incorporating new technologies into our products and services, including developing the appropriate governance and controls consistent with statutory and regulatory expectations, requires substantial expenditures and takes considerable time, and ultimately may not be successful. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to, or render obsolete, our existing technology.

T he process of developing new products and services, enhancing existing products and services and adapting to technological changes and evolving industry standards is complex, costly and uncertain, and any failure by us to anticipate partners’ and customers’ changing needs and emerging technological trends accurately could significantly impede our ability to compete effectively. Partner and customer adoption is a key competitive factor, and our competitors may develop products, platforms or tec hnologies that become more widely adopted than ours. In addition, we may underestimate the time and expense we must invest in new products and services before they generate significant revenues, if at all.

Moreover, technology transformation projects are complex undertakings that may result in unanticipated and adverse impacts. For example, as previously reported, in 2022 we completed the transition of our credit card processing services to strategic outsourcing partners. In connection with the transition, we experienced unanticipated issues with platform stability, which resulted in outages and interruptions in our call center operations and online customer service platforms. These outages and interruptions resulted in a number of adverse impacts, including the issuance of a consent order by the FDIC to one of our subsidiaries and the requirement that each of our Banks pay civil money penalties of $1 million to the FDIC. More generally, technology transformation projects may present significant risks and unanticipated impacts, including, but not limited to, operational execution errors, platform stability issues, security vulnerabilities, potential losses or corruption of data, changes in security processes, implementation delays and cost overruns, resistance from current partners and account holders, disruption to operations and loss of customization or functionality. These and other potential challenges may adversely impact our business, results of operations, financial condition, and result in regulatory actions and damage to our reputation and our brand .

Our ability to develop, acquire or access competitive technologies or business processes on acceptable terms may also be limited by intellectual property rights that third parties, including those that current and potential competitors, may assert. In addition, our ability to adopt new technologies may be inhibited by the emergence of industry-wide standards, a changing legislative and regulatory environment, an inability to develop appropriate governance and controls, a lack of internal product and engineering expertise, resistance to change from partners or consumers, lack of appropriate change management processes or the complexity of our systems.

The development and use of AI present risks and challenges that may adversely impact our business or customers.

We or our third-party vendors, clients or counterparties have developed or incorporated, or may in the future develop or incorporate, AI technology in certain business processes, services or products. For example, we have developed an AI powered knowledge management solution for our customer care associates designed to achieve the highest possible customer service standards and customer experience. The development and use of AI, however, presents a number of risks and challenges to our business. The legal and regulatory environment relating to AI is uncertain and rapidly evolving, both in the United States and internationally, and includes regulatory schemes targeted specifically at AI as well as provisions in intellectual property, privacy, consumer and data protection, employment and other laws applicable to the use of AI. Several states have already adopted AI-specific frameworks or are considering applying existing consumer and data protection laws to regulate AI. These evolving laws and regulations could require changes in our implementation of AI technology and increase our compliance costs and the risk of non-compliance. AI models, particularly generative AI models, may produce output or take actions that are incorrect, that result in the release of private, confidential or

Tabl e of Contents

proprietary information, that reflect biases included in the data on which they are trained, infringe on the intellectual property rights of others or that are otherwise harmful. In addition, certain uses of AI technology may be subject to regulation, such as requirements to explain how the AI model works and why it generates a particular output, eliminate biases built into the AI model, reduce erroneous outputs, and comply with regulations requiring watermarking AI-generated content and disclosures when consumers are interacting with AI or when decisions are made by AI, as well as requiring documentation or explanation of the basis on which decisions are made. These additional requirements may impose increased costs on our technology and compliance functions, which could put us at a competitive disadvantage and have an adverse effect on our results of operations and financial condition. Further, we may rely on AI models developed by third parties, and would be dependent in part on the manner in which those third parties develop, train and deploy their models, including risks arising from the inclusion of any unauthorized material in the training data for their models, the effectiveness of the steps these third parties have taken to limit the risks associated with the output of their models and other matters over which we may have limited visibility. Any of these risks could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures. Further, if we increase our reliance on AI, our relationships with our associates or their retention may be adversely impacted.

In addition, the adoption of agentic commerce, in which autonomous AI agents initiate and execute transactions on behalf of users, presents novel and complex regulatory, privacy and cybersecurity risks, as well as risks relating to potential integrations with other agentic commerce applications. Legal frameworks governing such autonomous agents remain nascent, with limited direct guidance specific to payments. The interplay between payments regulations, data privacy laws and evolving AI regulations may create uncertainty around compliance and disclosure obligations and potential liability exposure as more participants (including retailers, fintechs and AI developers) enter the agentic commerce ecosystem. The market is still assessing how regulators may apply existing consumer protection and other laws in the context of AI. As agentic commerce solutions scale, we may also see increased instances of erroneous or disputed payments and other adverse impacts.

We are also exposed to risks arising from the use of AI technology by bad actors to commit fraud and misappropriate funds and to facilitate cyberattacks (including sophisticated social engineering attacks and AI-powered hacking). Malicious actors could use AI to create deepfakes of our leadership or other personnel, contributing to loss of customer trust and significant reputational damage in addition to financial harm.

Risks Related to the LoyaltyOne Spinoff

We may be adversely affected by LVI’s ongoing bankruptcy proceedings or pending or future litigation or other disputes involving or relating to LVI.

In November 2021, we completed the spinoff of our former LoyaltyOne segment, consisting of the Canadian AIR MILES® Reward Program and the Netherlands-based BrandLoyalty businesses, into an independent, publicly traded company, LVI. As part of the spinoff, we retained 19% of the outstanding shares of common stock of LVI. On March 10, 2023, LVI and certain of its subsidiaries filed voluntary petitions for relief under Chapter 11 of the United States Bankruptcy Code and in Canada under the Companies’ Creditors Arrangement Act (collectively, the LVI Bankruptcy Proceedings). Pursuant to LVI’s Chapter 11 Plan, LVI and a liquidating trustee also established a liquidating trust to pursue claims, including against us and individuals and entities affiliated with us, in respect of the spinoff transaction. Similarly, in the Canadian LVI Bankruptcy Proceeding, the Canadian subsidiary and/or the Court-appointed monitor have the authority to pursue claims against us and our affiliates.

Though we believe that our process and decision-making with respect to the spinoff transaction were entirely appropriate, we and certain members of our Board of Directors and executive management team have been named as defendants in various litigation matters relating to the spinoff, as follows. In Canada, LoyaltyOne, Co. (the LVI subsidiary that operated its Canadian AIR MILES business) filed suit against us and our general counsel in the Ontario Superior Court of Justice in Canada in October 2023. The lawsuit asserts that our general counsel, in his capacity as a pre-spinoff director of LoyaltyOne, Co., breached various fiduciary duties owed to LoyaltyOne, Co. in connection with the LVI spinoff and certain other transactions, and that Bread Financial assisted in and benefited from those breaches. The lawsuit seeks damages in the amount of $775 million. In the U.S., the liquidating trustee commenced certain actions against us in February 2024. Specifically: (i) in LVI’s U.S. Chapter 11 case in the Bankruptcy Court for the Southern District of Texas, the liquidating trustee filed an adversary proceeding against us and our general counsel alleging actual and constructive fraudulent transfers, among other claims, in connection with the spinoff; and (ii) in Delaware Chancery Court, the liquidating trustee filed an action against us, each of the members of our Board of Directors at the time of the spinoff, and

Tabl e of Contents

certain members of our executive management team alleging breaches of fiduciary duties (and aiding and abetting breaches of fiduciary duties) in connection with the spinoff. Among other things, in each of these actions the liquidating trustee seeks damages in the amount of approximately $750 million plus interest, fees and expenses. In the Texas action, certain of the claims proceeded past a motion to dismiss, and in January 2026 our motion for partial summary judgment was denied. In connection with the spinoff, we entered into a tax matters agreement, and LoyaltyOne, Co. is contesting our entitlement to certain potential tax refunds under the tax matters agreement, and we may also become involved in other disputes with respect to the spinoff agreements with LVI or incur other liabilities or obligations under contractual arrangements with LVI. Finally, a putative federal securities class action complaint was filed in April 2023 against us and current and former members of our management team concerning disclosures made about LVI’s business; although, this lawsuit has been dismissed, and the United States Court of Appeals for the Sixth Circuit affirmed the dismissal in January 2026. For additional detail regarding these pending litigation matters, see Note 20 “Commitments and Contingencies” to our audited Consolidated Financial Statements.

While we believe that each of these suits and any other claims in connection with the spinoff are without merit and we will defend ourselves vigorously, the damages being sought are significant, and litigation is complex with inherently uncertain outcomes. In the event we are found liable or reach a settlement in one or more of these actions, we may be required to pay significant awards or judgments, settlements, costs or fines, and/or we may lose entitlement to certain tax refunds that are currently recorded as other assets on our audited Consolidated Balance Sheets. Moreover, any litigation or dispute arising out of or relating to the spinoff could distract management, result in significant legal and other costs, result in downgrades to our credit ratings and otherwise adversely impact our liquidity, capital resources, access to financing, results of operations and financial condition. We cannot provide any assurance that the insurance coverage that we maintain would be adequate to cover any settlements or liabilities actually incurred in these matters or that our insurers would not seek to deny coverage as to any or all of any such amounts.

RISK MANAGEMENT

Our Enterprise Risk Management (ERM) program is designed to ensure that all significant risks are identified, measured, monitored and addressed. Beginning in 2024, we expanded our ERM Framework to implement BHC-equivalent practices for the Company to supplement the risk management framework that was already in place at our Banks. Our ERM program reflects our risk appetite, governance, culture and reporting. We manage enterprise risk using our Board-approved Risk Appetite Statements and ERM Framework, which includes Board-level oversight, risk management committees, and a dedicated risk management team led by our Chief Risk Officer (CRO). Our Board and executive management determine the level of risk we are willing to accept in pursuit of our objectives, through the ERM program and the well-defined risk appetite statements developed thereunder. We utilize the “three lines of defense” risk management model to assign roles, responsibilities and accountabilities for taking and managing risk.

Governance and Accountability

Board and Board Committees

Our Board of Directors, as a whole and through its committees, maintains responsibilities for the oversight of risk management, including monitoring the “tone at the top” and our risk culture, and overseeing emerging and strategic risks. While our Board’s Risk & Technology Committee has primary responsibility for ERM oversight, the Audit, Compensation & Human Capital and Nominating & Corporate Governance Committees also oversee risks within their respective areas of responsibilities. Each of these Board Committees consists entirely of independent directors and provides regular reports to the full Board regarding matters reviewed at their Committee meetings. Each of our Banks also has a comprehensive ERM Framework, approved by the board of directors of each Bank, which includes governance, compliance, reporting and other requirements.

Risk Management Roles and Responsibilities

In addition to our Board and Board Committees, responsibility for risk management also rests with other individuals and committees throughout the Company, including, the Board of Directors of each of our Banks and committees thereof, various management committees and executive management. Our “three lines of defense” risk management model is defined within our ERM Framework and includes the following:

• The “first line of defense” is comprised of the business areas that engage in activities that generate revenue or provide operational support or services that introduce risk to the Company. As the business owner, the first line of

Tabl e of Contents

defense is responsible for, among other things, identifying, owning, managing and controlling key risks associated with their activities, timely addressing issues and remediation, and implementing processes and procedures to strengthen the risk and control environment. The first line of defense identifies and manages key risk indicators, and risks and controls consistent with our risk appetite. The executive officers who serve as leaders in the “first line of defense,” are responsible for ensuring that their respective functions operate within established risk limits, in accordance with our risk appetite. These leaders are also responsible for identifying risks, considering risk when developing strategic plans, budgets and new products, and implementing appropriate risk controls when pursuing business strategies and objectives. In addition, these leaders are responsible for deploying sufficient financial resources and qualified personnel to manage the risks inherent in our business activities.

• The “second line of defense” consists of an independent ERM team charged with oversight and monitoring of risk within the business. The second line of defense is responsible for, among other things, formulating and overseeing our ERM Framework and related policies and procedures, effectively challenging the first line of defense and identifying, monitoring and reporting on aggregate risks of the business and support functions.

Our risk management team, which is led by our CRO and includes compliance, provides oversight of our risk profile and is responsible for maintaining a compliance program that includes compliance risk assessment, policy development, testing and reporting activities.

The CRO manages our risk management team and is responsible for establishing and implementing standards for the identification, management, measurement, monitoring and reporting of risk on an Enterprise-wide basis. In collaboration with the first line of defense, the CRO is responsible for developing an appropriate risk appetite with corresponding limits that aligns with supervisory expectations, along with proposing our risk appetite to the Board of Directors. The CRO regularly reports to the Risk & Technology Committee on risk management matters.

• The “third line of defense” is comprised of our Global Audit organization. The third line of defense provides an independent review and objective assessment of the design and operating effectiveness of the first and second lines of defense, governance, policies, procedures, processes and internal controls, and reports its findings to executive management and the Board, through the Audit Committee. Global Audit is responsible for performing periodic, independent reviews and testing compliance with our risk management policies and standards, as well as with regulatory guidance and industry best practices. Global Audit also assesses the design of our policies and standards and validates the effectiveness of risk management controls, reporting the results of such reviews to the Audit Committee.

Management Committees

We operate several internal management committees to oversee risk governance and management across the enterprise. The Enterprise Risk Management Committee (ERMC), established in 2025 as part of our initiatives to enhance our enterprise-level risk oversight, is the highest-level risk management committee at the enterprise level. The ERMC is chaired by our CRO and is responsible for overseeing the design and implementation of the ERM Framework, as well as reviewing and monitoring our enterprise risk profile against the defined risk appetite, including making recommendations on such risk appetite and reviewing or escalating matters from, or referred to by, other management-level risk committees. At each of our Banks, we also operate an equivalent risk management committee, along with other management committees for oversight of specific risk categories.

At the enterprise level, we also maintain an Operating Committee (OC), Asset & Liability Management Committee (ALCO) and Capital Management Committee (CMC).

The OC is a management committee composed of senior officers and is chaired by the Senior Vice President of Business Strategy. The OC is responsible for assisting our executive leadership team in overseeing the strategic direction, operational performance and risk management of the Company. With respect to risk management, the OC’s responsibilities include monitoring and evaluating the Company’s operational performance, key financial metrics and risk profile, setting an appropriate risk culture, seeking to resolve risks impacting the achievement of organizational goals and improving risk management discipline.

The ALCO is a management committee comprised of senior officers and is chaired by the Treasurer. The ALCO is responsible for assisting our Board of Directors and our executive leadership team in overseeing, reviewing and monitoring consolidated funding and liquidity, capital, market and investment risks. The ALCO’s responsibilities also include assisting

Tabl e of Contents

our executive leadership team in its management of our capital, funding and liquidity resources, interest rate sensitivity and our balance sheet more broadly.

The CMC is a management committee comprised of senior officers and is chaired by the Head of Corporate & Capital Planning. The CMC is responsible for assisting our Board of Directors and our executive leadership team with capital planning and oversight by monitoring our capital and providing guidance and recommendations on the use and distribution of capital. The CMC’s responsibilities also include review of the capital plan, annual budget and long-range plan, stress testing and making recommendations for capital thresholds and tolerances, capital buffers, capital targets and significant capital decisions.

Risk Categories

During 2025 we made various enhancements to our risk management practices, completing the establishment of eight enterprise-level risk pillars equivalent to the risk pillars that historically have already been in place at our Banks. Each risk pillar includes Board of Directors approved risk appetites, regular management monitoring and oversight, and at a minimum quarterly, and more frequently as appropriate, reporting to the Risk & Technology Committee.

We evaluate the potential impact of a risk event on the Company by assessing the customer, partner, financial, reputational and legal and regulatory impacts, and have divided risk into the following eight pillars: Credit Risk, Market Risk, Capital Risk, Liquidity Risk, Operational Risk, Compliance Risk, Strategic Risk, and Reputational Risk.

Credit Risk

Credit risk is the risk arising from an obligor’s failure to meet the terms of any contract or otherwise perform as agreed. Credit risk is found in all activities in which settlement or repayment depends on counterparty, issuer or borrower performance.

We are exposed to credit risk primarily relating to the credit card and other loans we make to our customers. Our credit risk relates to the risk that consumers who use the co-brand, private label, DTC credit cards, or other loan products that we issue will not repay their loan balances. As part of our efforts to minimize our risk of credit card or other loan charge-offs, we have developed automated proprietary scoring technology and verification procedures to make risk-based underwriting decisions when approving new account holders, establishing or adjusting account holder credit limits and applying our risk-based pricing. The credit risk on our Credit card and other loans balances is quantified through our Allowance for credit losses which is recorded net with Credit card and other loans on our Consolidated Balance Sheets.

Market Risk

Market risk is the risk to current or anticipated earnings, capital or economic value arising from changes in the market value of portfolios, securities or other financial instruments. Market risk includes interest rate risk, which is the risk arising from movements in interest rates. Interest rate risk results from:

• Repricing risk – differences between the timing of rate changes and the timing of cash flows;

• Basis risk – changing rate relationships among different yield curves affecting an organization’s activities;

• Yield curve risk – changing rate relationships across the spectrum of maturities; and

• Options risk – interest-related options embedded in certain products.

Our principal market risk exposures arise from volatility in interest rates and their impact on economic value, capitalization levels and earnings. To the extent we are unable to effectively match the interest rate sensitivity of our assets and liabilities, our net earnings could be materially adversely affected.

Beginning in 2024, as part of the ongoing enhancement of our interest rate risk mitigation tools, we established interest rate risk hedging capabilities, employing interest rate swaps on our credit card loans portfolio to reduce interest rate risk sensitivity. We also use various industry standard market risk measurement techniques and sensitivity analyses to estimate, assess and manage the impact of increases or decreases in interest rates on our Net interest income and economic value of equity under various interest rate scenarios. We believe these approaches provide useful insights into the interest rate risk inherent in our business, and how to effectively manage such risk. As of December 31, 2025, based on the composition of

Tabl e of Contents

our fixed rate and floating rate assets and liabilities on our Consolidated Balance Sheets, our Net interest income and economic value of equity are expected to increase in higher rate scenarios and decrease in lower rate scenarios.

One standard sensitivity measure we use calculates the impact on Net interest income from a hypothetical instantaneous and sustained 100 basis point increase or decrease in interest rates. Due to the mix of fixed and floating rate assets and liabilities on our Consolidated Balance Sheet as of December 31, 2025, this hypothetical instantaneous 100 basis point increase or decrease in interest rates would have an insignificant impact on our annual Net interest income. Actual changes in our net interest income will depend on many factors, and therefore may differ from our estimated risk to changes in interest rates. In addition to this industry standard measure, we also consider the potential impact of alternative interest rate scenarios in our internal interest rate risk management decisions, such as larger rate shocks (higher than plus-or-minus 100 basis points), or steepening and flattening yield curve scenarios. We also regularly review the sensitivity of our interest rate risk metrics to changes in our key modeling assumptions.

In recent years, we have implemented a new and improved asset liability management model that is capable of assessing a broader array of interest rate risk scenarios, including a wider range of interest rate and balance sheet assumptions. The interest rate risk model that we use in deriving these measures incorporates contractual information, behavioral assumptions and modeling methodologies, which project borrower and deposit behavior patterns. Other market inputs, such as interest rates, market prices and interest rate volatility, are also critical components of our interest rate risk measures. We regularly update and enhance these assumptions, scenarios and model as we believe appropriate to reflect our best assessment of the market environment and the expected behavior patterns of our existing assets and liabilities. There are inherent limitations, however, in any methodology used to estimate the exposure to changes in market interest rates. For example, this sensitivity analysis contemplates only certain movements in interest rates and is performed at a particular point in time based on our existing Consolidated Balance Sheet. Accordingly, changes in customer behavior and strategic actions that management may take in the future may cause the composition of our assets and liabilities to change from the assumptions and projections previously used in scenarios considered, and could cause our actual Net interest income and economic value of equity to differ from previous sensitivity analysis outcomes.

Capital Risk

Capital risk refers to the potential threat to an institution’s financial stability or safety and soundness due to inadequate capital resources to support business operations and safeguard against unexpected losses. These risks can arise from various stressed operating conditions, including macroeconomic, credit, liquidity, market, and regulatory factors.

We manage capital in alignment with the risk characteristics of our business, the economic environment, and the expectations of regulators and stockholders. This includes considering the impact of capital stress testing in our assessment of capital adequacy. Capital risk is managed by balancing stakeholder interests, such as safety and soundness, profit, growth, value, and operational and non-financial factors, while reasonably considering both near-term and long-term impacts. Our policies, risk appetite limits, and capital ratio operating targets ensure that we and the Banks maintain sufficient capital to withstand capital stress events over a specified period. The CPC and ALCO assist the Board of Directors and management in overseeing, reviewing, and monitoring capital risk.

Liquidity Risk

Liquidity risk is the risk arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from an organization’s failure to recognize or address changes in market conditions, or failure to prepare for anticipated growth with appropriate levels of liquidity.

Our primary liquidity objective is to maintain a liquidity profile that will enable us, even in times of stress or market disruption, to fund our existing assets and pay liabilities when due at an acceptable cost. Policy and risk appetite limits require us and the Banks to ensure that sufficient liquid assets are available to survive liquidity stresses over a specified time period. In accordance with our contingency funding plan, we also maintain access to funding markets to provide liquidity to satisfy additional contingency needs. The ALCO assists the Board of Directors and management in overseeing, reviewing, and monitoring liquidity risk.

Tabl e of Contents

Operational Risk

Operational risk is the risk arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal or external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet obligations involving customers, partners, products and business practices, damage to physical assets, business disruption and systems failures, and/or failures in execution, delivery and process management.

Operational risk is inherent in all business activities and can impact us through direct or indirect financial loss, damage to our brand, customer dissatisfaction and legal and regulatory penalties. We have implemented an operational risk framework that is defined in our Operational Risk Management Policy.

As part of our Operational Risk Program, we maintain an information and cybersecurity risk management program, which is led by our Chief Information Security Officer (CISO) and is designed to protect the confidentiality, integrity, and availability of critical information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The Program leverages security technology, a team of internal and external experts, and operations based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0 consisting of controls designed to govern, protect, detect, identify, respond and recover from cybersecurity incidents. We continue to invest in enhancements to cybersecurity capabilities and engage in industry and government forums to promote advancements to the broader financial services cybersecurity ecosystem. For further discussion of our cybersecurity risk management program, see “Item IC.—Cybersecurity.”

Compliance Risk

Compliance risk is the risk arising from violations of laws or regulations, or from nonconformance with prescribed practices, internal policies and procedures, or ethical standards. This risk exposes an organization to a variety of adverse impacts, including enforcement or other supervisory actions, fines, penalties, payment of damages, restrictions on business activities and the voiding of contracts.

Our Compliance organization is responsible for establishing and maintaining our Compliance Risk Management Program, pursuant to which we seek to manage and mitigate compliance risk by assessing, controlling, monitoring, measuring and reporting the legal and regulatory risks to which we are exposed.

Strategic Risk

Strategic risk is the risk arising from adverse business decisions, poor implementation of business decisions or lack of responsiveness to changes in the industry and operating environment. This risk is a function of an organization’s strategic goals, business strategies, resources and quality of implementation.

We seek to manage strategic and business risks through risk controls embedded in these processes, as well as risk management oversight over business goals. Existing product performance is reviewed periodically by various of our Committees and executive management.

Reputational Risk

Reputational risk is the risk arising from negative public opinion. This risk may impair competitiveness by affecting the ability to establish new relationships or services, or continue servicing existing relationships.

Reputational risk is inherent in all activities and requires us to exercise caution in dealing with stakeholders, such as customers, brand partners, other contractual counterparties, investors, regulators, employees and the community. Executive management is responsible for considering the reputational risk implications of business activities and strategies and ensuring the relevant subject matter experts are engaged.

Tabl e of Contents

Model Risk

Beginning in 2025 we removed model risk as a unique, stand-alone risk pillar and have instead allocated model risk across the eight other risk pillars. Model Risk is the risk arising from decisions based on incorrect or misused model outputs and reports. Model risk occurs primarily for three reasons:

• a model may have fundamental errors, including with respect to the model’s construction, or interpretation, and produce inaccurate outputs when viewed against its design objective and intended business uses;

• a model may be used incorrectly or inappropriately, or there may be a misunderstanding about its limitations and assumptions, including models being calibrated on historical cycles and correlations which may not be predictive of the future, or failures to update assumptions appropriately or in a timely manner ; or

• the model produces results that are not compliant with fair lending or other laws and regulations.

We manage model risk through a comprehensive model governance framework, including policies and procedures for model development, maintenance and performance monitoring activities, independent model testing and validation, and change management capabilities. We assess model performance on an ongoing basis and model risk is assessed across business processes, weighted by risk pillars and managed through our Model Lifecycle Management Process.

Management’s Discussion and Analysis of Financial Condition and Results of Operations

Quantitative and Qualitative Disclosures About Market Risk

Financial Statements and Supplementary Data

Changes in and Disagreements with Accountants on Accounting and Financial Disclosure

Controls and Procedures

Other Information

Disclosure Regarding Foreign Jurisdictions that Prevent Inspections

PART III

Directors, Executive Officers and Corporate Governance

Executive Compensation

Security Ownership of Certain Beneficial Owners and Management and Related Stockholder Matters

Certain Relationships and Related Transactions, and Director Independence

Principal Accounting Fees and Services

PART IV

Exhibits and Financial Statement Schedules

Form 10-K Summary

Table of Contents

This report includes trademarks, such as Bread ® , Bread Financial ® , Bread Cashback ® , Bread Rewards™, Bread Pay ® and Bread Savings ® , which are protected under applicable intellectual property laws and are the property of Bread Financial Holdings, Inc. or our subsidiaries. This report also contains trademarks, service marks, copyrights and trade names of other companies, which are the property of their respective owners. Solely for convenience, our trademarks and trade names referred to in this report may appear without the ® or ™ symbols, but such references are not intended to indicate, in any way, that we will not assert, to the fullest extent under applicable law, our rights or the right of the applicable licensor to these trademarks and trade names.

Throughout this report, unless stated or the context implies otherwise, the terms “Bread Financial,” “BFH,” the “Company,” “we,” “our” or “us” refer to Bread Financial Holdings, Inc. and its subsidiaries on a consolidated basis. References to “Parent Company” refer to Bread Financial Holdings, Inc. on a parent-only standalone basis. In addition, in this report we may refer to the retailers and other companies with whom we do business as our “partners,” “brand partners,” or “clients,” provided that the use of the term “partner,” “partnering” or any similar term does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of Bread Financial’s relationship with any third parties. We offer our credit products through our insured depository institution subsidiaries, Comenity Bank and Comenity Capital Bank, which together are referred to herein as the “Banks.”

Table of Contents

Cautionary Note Regarding Forward-Looking Statements

This Form 10-K and the documents incorporated by reference herein contain forward-looking statements within the meaning of Section 27A of the Securities Act of 1933, as amended, and Section 21E of the Securities Exchange Act of 1934, as amended. Forward-looking statements give our expectations or forecasts of future events and can generally be identified by the use of words such as “believe,” “expect,” “anticipate,” “estimate,” “intend,” “project,” “plan,” “likely,” “may,” “should” or other words or phrases of similar import. Similarly, statements that describe our business strategy, outlook, objectives, plans, intentions or goals also are forward-looking statements. Examples of forward-looking statements include, but are not limited to, statements we make regarding, and the guidance we give with respect to, our anticipated operating or financial results, future financial performance and outlook, future dividend declarations or stock repurchases and future economic conditions.

We believe that our expectations are based on reasonable assumptions. Forward-looking statements, however, are subject to a number of risks and uncertainties that are difficult to predict and, in many cases, beyond our control. Accordingly, our actual results could differ materially from the projections, anticipated results or other expectations expressed in this report, and no assurances can be given that our expectations will prove to have been correct. Factors that could cause the outcomes to differ materially include, but are not limited to, the following:

• macroeconomic conditions, including market conditions, inflation, interest rates, labor market conditions, recessionary pressures or concerns over a prolonged economic slowdown, and the related impact on consumer spending behavior, payments, debt levels, savings rates and other behaviors;

• global political and public health events and conditions, including significant shifts in trade policy, such as changes to, or the imposition of, tariffs and/or trade barriers and consequently any economic impacts, volatility, uncertainty and geopolitical instability resulting therefrom, as well as ongoing wars and military conflicts, and natural disasters;

• future credit performance of our customers, including the level of future delinquency and charge-off rates;

• loss of, or reduction in demand for services and/or products from, significant brand partners or customers in the highly competitive markets in which we operate, including competition from new and non-traditional competitors, such as financial technology companies, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce, digital payment platforms and currencies and other alternative payment and deposit solutions;

• the concentration of our business in U.S. consumer credit;

• increases or volatility in the Allowance for credit losses that may result from the application of the current expected credit loss (CECL) model;

• inaccuracies in the models and estimates on which we rely, including our credit risk management models and the amount of our Allowance for credit losses;

• increases in fraudulent activity;

• failure to identify, complete or successfully integrate or disaggregate business acquisitions, divestitures and other strategic initiatives, including, with respect to divested businesses, any associated guarantees, indemnities or other liabilities;

• the extent to which our results are dependent upon our brand partners, including our brand partners’ financial performance and reputation, as well as the effective promotion and support of our products by brand partners;

• increases in the cost of doing business, including market interest rates;

• our level of indebtedness and inability to access financial or capital markets, including asset-backed securitization funding or deposits markets;

• restrictions that limit our Banks’ ability to pay dividends to us;

• pending and future litigation;

• pending and future federal, state, local and foreign legislation, executive action, regulation, supervisory guidance and regulatory and legal actions including, but not limited to, those related to financial regulatory reform and consumer financial services practices, as well as any such actions that would place limits on credit card interest rates or late fees, interchange fees or other charges;

• increases in regulatory capital requirements or other support for our Banks;

• failures, or breaches in our operational or security systems, including as a result of cyberattacks, unanticipated impacts from technology modernization projects, failure of our information security controls or otherwise;

• loss of consumer information or other data due to compromised physical or cyber security, including disruptive attacks from financially motivated bad actors and third-party supply chain issues;

Table of Contents

• any liability or other adverse impacts arising out of or related to the spinoff of our former LoyaltyOne segment or the bankruptcy filings of Loyalty Ventures Inc. (LVI) and certain of its subsidiaries, including the pending litigation against us in connection with the spinoff; and

• those factors discussed in Item 1A of this Form 10-K, elsewhere in this Form 10-K and in the documents incorporated by reference in this Form 10-K.

If one or more of these or other risks or uncertainties materialize, or if our underlying assumptions prove to be incorrect, actual results may vary materially from what we projected.

Any forward-looking statements contained in this Form 10-K speak only as of the date made, and we undertake no obligation, other than as required by applicable law, to update or revise any forward-looking statements, whether as a result of new information, subsequent events, anticipated or unanticipated circumstances or otherwise.

Tabl e of Contents

PART I

Item 1.    Business.

We are a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel and entertainment, health and beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers.

We have continued to diversify our product mix with our brand partners through growth of our co-brand credit card programs, which, relative to our private label credit card programs, have higher credit sales per account and an improved credit risk mix that generally results in higher transactor balances, lower delinquencies and late fees, as well as lower losses. We also offer our proprietary credit cards along with the expansion of our Bread Pay products, which are our installment loans and “split-pay” offerings.

Our partner base consists of large consumer-based businesses, including well-known brands such as (alphabetically) AAA, Academy Sports + Outdoors, Caesars, Dell Technologies, Hard Rock International, the NFL, Raymour & Flanigan, Saks Fifth Avenue, Signet, Ulta and Victoria’s Secret, as well as small- and medium-sized businesses (SMBs). Our partner base is well diversified across a broad range of industries and retail verticals, including travel and entertainment, specialty apparel, health and beauty, jewelry, sporting goods, technology and electronics, as well as home and furniture. We believe our comprehensive suite of payment, lending and saving solutions, along with our related marketing and data and analytics, offers us a significant competitive advantage with products relevant across all customer segments (Gen Z, Millennial, Gen X and Baby Boomers). The breadth and quality of our product and service offerings, coupled with our customer-centric approach, have enabled us to establish and maintain long-standing partner relationships. We operate our business through a single reportable segment, with our primary source of revenue being from Interest and fees on loans from our various credit card and other loan products, and to a lesser extent from contractual relationships with our brand partners.

With our range of offerings, we provide relevant products across consumer segments, including Gen Z and Millennials who are more likely to be drawn to cash flow management products such as our pay-over-time installment loans and “split-pay” offerings as compared to Gen X and Baby Boomers, while Gen X and Baby Boomers generally gravitate more toward rewards and the convenience of a co-brand or private label credit card. In addition, we continue to scale and optimize our direct-to-consumer lending, payment and saving products for new and existing customers, including through our proprietary credit cards and Bread Savings products. We also continue to diversify and optimize our loan portfolio, prioritizing our investment in strong and profitable partners, industries and affinity brands, while continuing to develop our Bread Pay products, which are our installment loans and “split-pay” offerings, and exploring various strategic business opportunities adjacent to our core co-brand and private label credit card business (business adjacencies) in an evolving payments, macroeconomic and regulatory environment. As of December 31, 2025, we had $18.8 billion in Credit card and other loans from approximately 34 million open and outstanding accounts, with an average balance for the year ended December 31, 2025 of $1,047 for accounts with outstanding balances.

Our Primary Product Offerings

Our primary product offerings consist of our: (i) co-brand and private label credit card programs with retailers and other brand partners; (ii) direct-to-consumer (DTC), proprietary general purpose credit cards; (iii) Bread Pay products; and (iv) Bread Savings products. These product offerings are not exclusive, and, where appropriate, we seek to introduce partners and customers to our other product offerings.

Co-Brand and Private Label Credit Card Lending

Our core business is working with many of the country’s best-known brands and retailers (who we call our partners or brand partners) to drive sales and loyalty through their co-brand and private label credit card programs. In these programs, we (through our Banks) are the credit card issuer and lender to our partners’ customers, and we also service the loans and provide a variety of other related services, which are described in more detail below. Our co-brand and private label partner base, with nearly 100 brands and numerous online merchants, consists of many large consumer-based businesses, including well-known brands such as (alphabetically) AAA, Academy Sports + Outdoors, Caesars, Dell Technologies, Hard Rock International, the NFL, Raymour & Flanigan, Saks Fifth Avenue, Signet, Ulta and Victoria’s Secret. Our partners benefit from our customer insights and analytics, with each of our branded credit card programs tailored to our partner’s brand and

Tabl e of Contents

their unique customers. Our co-brand and private label program agreements with our brand partners are generally long-term, exclusive contracts, with terms typically ranging from 5 to 10 years.

Our co-brand credit cards are general purpose credit cards that can be used to purchase goods and services from the applicable partner, as well as any other retailers wherever cards from the named card network (American Express, MasterCard or Visa) are accepted. Credit extended under our co-brand credit cards is typically on standard terms only. Charges made using a co-brand credit card, particularly charges made outside of the co-brand partner, generate interchange revenue for us. Relative to our private label loan portfolio, our co-brand loan portfolio generally has lower revenue yields. In addition, our co-brand customers generally have higher credit scores and therefore higher credit lines, with the majority of our co-brand customers having a Vantage score in excess of 660. Our average outstanding co-brand credit card account balance for the year ended December 31, 2025 was $1,821. For the year ended December 31, 2025, customer spending on our co-brand credit cards comprised approximately 52% of our credit sales, which we believe enables us to capture incremental and non-discretionary purchases as consumer spending patterns shift in response to evolving economic conditions.

Private label credit cards are partner-branded credit cards used by consumers exclusively for the purchase of goods and services from that particular partner. Credit under a private label credit card typically is extended either on standard terms, which means accounts are assessed periodic interest charges using an agreed non-promotional fixed and/or variable interest rate, or pursuant to a promotional financing offer, involving deferred interest, reduced interest or no interest during a set promotional period (typically between six and 60 months). We typically do not charge interchange or other fees to our partners when customers use our private label credit cards to purchase our partners’ goods and services. For the year ended December 31, 2025, customer spending on our private label credit cards comprised approximately 43% of our credit sales. Private label credit card loan balances are typically smaller, with an average outstanding account balance for the year ended December 31, 2025 of $775; although, we do offer “big ticket” purchase financing and financing for medical and dental procedures with certain private label brand partners, which often involve larger amounts. Relative to our co-brand loan portfolio, our private label loan portfolio generally has higher revenue yields. In addition, our private label customers generally have lower credit scores and therefore lower credit lines, and are generally more likely to be delinquent in their payments, have accounts with higher annual percentage rates (APRs) and have more late fees assessed.

We offer deferred interest rate, as well as low or no interest rate promotional financing to customers in certain of our brand partner programs; in some of these programs, we charge an initial fee to customers entering into promotional plan financing arrangements. In both our co-brand and private label partner relationships, we receive a merchant discount fee from our partners to compensate us for all or part of the forgone interest income associated with promotional financing. The terms of these promotions vary by partner, but generally the longer the deferred interest, reduced interest or interest-free period, the greater the partner’s merchant discount fee. Some offers permit customers to pay for a purchase in equal monthly payments with no interest or at a reduced interest rate over a specified period of time, rather than deferring or delaying interest charges. Our credit card program agreements may also provide for royalty payments, or retailer share arrangements, to our brand partners based on purchase volume or if certain contractual incentives are met, such as if the economic performance of the program exceeds a contractually defined threshold, or for new accounts acquired. These amounts are recorded as a reduction of revenue in the period incurred.

In addition to the retailer share arrangements, our program agreements typically provide that the parties will develop a marketing plan to support the program, along with the terms by which a joint marketing budget is funded. Marketing costs for which we are responsible under the plan are expensed as incurred. Our program agreements also typically provide that the parties will develop the terms of the rewards program linked to the use of our product, such as opportunities to receive double rewards points for purchases made on a product, along with the allocation of costs between the parties related to the rewards program. The credit card programs we operate typically provide rewards points, which are redeemable for a variety of products or awards, or merchandise discounts earned by the customer having achieved a preset spending level. Other programs may include cash back rewards or statement credits. The rewards can be mailed to the cardholder, accessed digitally, or may be immediately redeemable at the partner’s retail location. Costs of cardholder rewards arrangements are recognized when the rewards are earned by the cardholders and are generally recorded as a reduction of revenue.

As a general matter, the financial terms and conditions governing our co-brand and private label credit card products vary by program and product type and may change over time; although, we seek to standardize the non-financial provisions consistently across all products to the extent possible. The terms and conditions of all of our credit card products are governed by a cardholder agreement and applicable laws and regulations. We assign each credit card account a credit limit when the account is initially opened by the customer. Thereafter, we may increase or decrease individual credit limits from time to time, at our sole discretion, based primarily on our evaluation of the customer’s creditworthiness and ability to pay.

Tabl e of Contents

For the vast majority of accounts, periodic interest charges are calculated using the daily balance method, which results in daily compounding of periodic interest charges. Cash advances are not subject to an interest grace period, and for some credit card programs we do not provide an interest grace period for promotional purchases. In addition to periodic interest charges, we may impose other charges and fees on credit card accounts, including, as applicable and provided in the cardholder agreement, late fees where a customer has not paid at least the minimum payment due by the required due date, as well as paper statement fees, which we charge on certain credit card accounts receiving monthly paper statements for certain of our brand partner programs. Typically, each customer with an outstanding amount due on his or her credit card account must make a minimum payment each month; a customer may pay the total amount due at any time without penalty. We also may enter into arrangements with delinquent customers to modify their payments and/or waive or reduce interest charges and/or fees; we do not offer programs involving the forgiveness of principal. We make it easier for customers to make payments by offering recurring automatic payment functionality, as well as other electronic payment methods on all cardholder accounts.

Our program agreements generally permit termination in various circumstances, including a breach of the agreement or in the event the brand partner becomes insolvent, files bankruptcy, undergoes a change in ownership or has a material adverse change in financial condition. Certain of our program agreements also provide that upon termination, the brand partner has either the option or the obligation to purchase the loans generated with respect to its program. Correspondingly, in certain cases when we acquire a new brand partner, we purchase its existing credit card loan portfolio, if any, from either the brand partner or the operator of its prior card program.

Direct-to-Consumer Credit Cards

Our DTC, proprietary general purpose credit cards consist of our Bread Cashback American Express Credit Card and our Bread Rewards American Express Credit Card. Our DTC credit cards are an important component of our overall product offerings and allow us to capture incremental, often non-discretionary spend and build and retain customer relationships. As a DTC product, our proprietary credit cards are not dependent upon the performance of our brand partners or impacted by any partner revenue-sharing obligations. We believe that our DTC credit cards will continue to increase our total addressable market, including within the Millennial and Gen Z customer segments. Our Bread Cashback American Express Credit Card offers unlimited 2% cashback, no annual fee, no foreign transaction fees, premium protection benefits, American Express lifestyle benefits, and instant mobile acquisition and web-to-wallet provisioning for use anywhere ApplePay is accepted. Our Bread Rewards American Express Credit Card offers 3% rewards points on gas station, grocery store, dining and utility purchases, among other benefits, as well as instant mobile acquisition and web-to-wallet provisioning for use anywhere ApplePay is accepted. We currently issue our DTC credit cards on the American Express network. Our average outstanding DTC credit card account balance for the year ended December 31, 2025 was $2,295.

Bread Pay

Bread Pay is our payment technology solution for our pay-over-time products, which includes both our installment loan and “split-pay” offerings, as described in more detail below. Through Bread Pay, we offer an omnichannel solution for more than 1,400 SMB retailers and merchants, and we continue to explore and pursue growth opportunities in various business adjacencies, including through the integration of our suite of Bread Pay products into third-party platforms to gain efficient distribution of our lending solutions.

Our Bread Pay offerings and on-boarding capabilities enhance our growth prospects across the industries in which we lend and increase the addressable market of our Bread Pay partners. Bread Pay also offers our existing co-brand and private label credit card partners a broader digital product suite and additional white-label product solutions for those customers preferring a non-revolving loan with fixed repayment terms such as our installment loan and “split-pay” offerings. We offer a flexible platform and robust suite of application programming interfaces (APIs) that allow merchants and partners to seamlessly integrate online point-of-sale financing and other digital payment products.

Our Bread Pay installment loans are fixed extensions of credit where the customer pays down the outstanding balance in monthly installments, primarily over a 3 to 84 month period. The terms and conditions of all of our installment loan products are governed by a customer agreement and applicable laws and regulations. Installment loans are generally assessed interest charges over the term of the loan using fixed interest rates. In addition to periodic interest charges, for certain of our installment loans, we may impose other charges and fees, including late fees, as set forth in the applicable customer agreement. Most of our installment loans are offered through contractual agreements with our Bread Pay partners and may include additional fees paid by the partner, particularly where the installment loan carries a below-market interest rate.

Tabl e of Contents

Our Bread Pay “split-pay” loans are short-term, interest-free financing, to be repaid by the customer in four equal installments, with the first payment due at the time of purchase and the remaining three payments due in subsequent two-week intervals. The terms and conditions of all of our split-pay loan products are governed by a customer agreement and applicable laws and regulations. For certain of our “split pay” loans, we may impose other charges and fees, including late fees, as set forth in the applicable customer agreement.

Bread Savings

Bread Savings refers to our DTC, or retail, deposit products, primarily in the form of certificates of deposit and high-yield savings accounts, including traditional and Roth Individual Retirement Accounts. Our Bread Savings products support loan growth and improve our funding mix diversification. In recent years, retail deposits have become an increasingly important source of funds for us, growing 11% from $7.7 billion as of December 31, 2024 to $8.5 billion as of December 31, 2025. As of December 31, 2025, average retail deposits represented 48% of our total funding sources, which is comprised of retail and wholesale deposits, and secured and unsecured borrowings. As of that same date, retail deposits that exceeded applicable Federal Deposit Insurance Corporation (FDIC) insurance limits, which are generally $250,000 per depositor, per insured bank, per ownership category, were estimated to be $638 million, or 5% of Total deposits. The measurement of estimated uninsured deposits aligns with regulatory guidelines.

Our online Bread Savings platform is scalable, allowing us to expand without having to rely on a traditional “brick and mortar” branch network. We continue to focus on growing our Bread Savings operations and believe we are well-positioned to continue to benefit from the consumer-driven shift from branch banking to direct banking. We seek to differentiate our deposit product offerings from our competitors on the basis of rates we pay on deposits, the quality of our customer service and the competitiveness of our digital banking capabilities.

Services Supporting our Primary Product Offerings

Our primary product offerings, as described above, are supported and enhanced by numerous services and capabilities that we provide, including: (i) risk management, underwriting and funding services; (ii) credit card and other loan processing and servicing; (iii) fraud prevention; (iv) marketing, and data and analytics; and (v) our digital and mobile capabilities.

Risk Management, Underwriting and Funding Services. We provide risk management solutions, underwriting and funding services for our co-brand, private label, and DTC credit card programs, as well as our Bread Pay partnerships.

We process millions of credit card applications each year using internal algorithms, external credit bureau data and automated proprietary scoring technology to make responsible risk-based underwriting decisions when approving new accounts and establishing credit limits. Credit quality is monitored on a regular and consistent basis. This information helps us adjust our strategies when required to better evaluate individual credit risk. We continue to enhance our credit risk management by evaluating and investing in new technology and advancing our data and modeling capabilities, including through the potential use of deep learning and AI tools. Doing so allows us to navigate changing macroeconomic conditions and stay within our well-established risk appetite.

Credit Card and Other Loan Processing and Servicing . We manage and service the accounts we originate for our co-brand and private label credit card programs, as well as our DTC credit cards and Bread Pay products. Since 2022, Fiserv, a leading global provider of outsourced payments and financial services technology solutions, has provided our core credit card processing services, which has helped us enable improved speed to market, including the ability to quickly and seamlessly add new products and capabilities that benefit our partners and cardholders. It has also strengthened our ability to ensure we are operating on a compliant core platform, and enables efficient integration of digital technology, while supporting our data and analytics capabilities and improving operational efficiencies. See also “—Technology/Systems” below for additional information regarding our approach toward the systems and technologies we use in the operation of our business.

Our customer care operations are influenced by our retail heritage, and we view every customer touch point as an opportunity to provide an exceptional experience. Our customer care operations offer omnichannel servicing, including through phone, mail, email, text, smartphone application and the web. We blend domestic and off-shore locations as an important part of our servicing strategy, to maintain service availability beyond typical work hours in the United States and to optimize our cost structure. We provide focused training programs in all areas, and have developed an AI powered knowledge management solution for our customer care associates, in order to achieve the highest possible customer service standards and customer experience. We monitor our performance by conducting surveys with our partners and our

Tabl e of Contents

customers and in our 2025 survey, conducted by Medallia, Inc., we have received a Net Promoter Score of 54.5; survey results above 50 are considered excellent or superior by industry standards. In addition, in 2025 for the twentieth consecutive time, we were certified by BenchmarkPortal as a Center of Excellence for the quality of our operations, the most prestigious customer care industry ranking attainable. Founded by Purdue University in 1995, BenchmarkPortal is a global leader of best practices for customer care centers.

Our efforts to collect on delinquent accounts are made first by our collection department. After an account becomes 30 days past due, a proprietary collection scoring algorithm automatically scores the risk of the account becoming further delinquent; based upon the level of risk indicated, a collection strategy is deployed, which may include tech-enabled, targeted collections strategies to engage with cardholders in the most efficient communication channel. If after exhausting all in-house collection efforts we are unable to collect on the account, we may engage collection agencies or outside attorneys to continue those efforts, or sell the charged-off balances.

Fraud Prevention. We monitor our customers’ accounts to help prevent, detect, investigate and resolve fraud across the various products we offer. We employ a variety of fraud mitigation controls during the lifecycle of accounts, including capabilities related to account acquisition, transaction processing and account management. We use proprietary custom fraud models developed by our data scientists, together with externally-sourced scores and solutions used across the industry, to seek to identify fraud and protect our stakeholders, including our customers and brand partners. We leverage device intelligence technology to risk-assess digital applications and online servicing channels, and we subject monetary transactions to authorization and approval scrutiny through a variety of techniques designed to help identify and halt fraudulent transactions, including machine-learning models, rules-based decision-making logic, report analysis, data integrity checks and manual account reviews. We have a cross-functional team of risk, fraud and security professionals that regularly evaluate and enhance our fraud-prevention capabilities and monitor emerging industry trends and solutions.

Marketing, and Data and Analytics . Through our integrated marketing programs and campaigns, we design and implement strategies that assist our partners in acquiring, retaining and expanding customer engagement to drive a more loyal, frequent shopper that increases customer lifetime value. Our programs capture transaction data that we analyze to better understand consumer behavior, which we use to increase the effectiveness of both our and our partners’ marketing activities. Through our marketing technology, data and analytics capabilities, including the use of machine learning and AI technology, we focus on data insights that drive actionable strategies and enhance revenue growth and customer retention. We use multi-channel marketing platforms and capabilities, including in-store, web, permission-based email, permission-based mobile messaging and direct mail to engage customers in the channels of their choice.

Digital and Mobile Capabilities . We are constantly seeking to improve our digital and mobile capabilities, in order to support and enhance our product offerings, drive growth for our brand partners and improve the customer experience. We seek to provide a seamless, personalized digital and mobile experience that is responsive to our customers’ evolving expectations. Recent improvements to our digital and mobile capabilities include API enhancements, enriched software development kits, virtual card commercialization, and our enhanced, fully integrated Bread Financial mobile app. We are continually seeking to enhance customers’ self-service capabilities in our digital channels, which allow customers to address their needs when and how they want, while also generating efficiencies by reducing the cost to serve our customers.

In addition, through our Enhanced Digital Suite, a group of marketing and credit application features, we help our brand partners capitalize on online trends by bringing through more qualified applicants, a higher credit sales conversion rate and a higher average purchase value. Enhanced Digital Suite includes a unified software development kit that provides access to our broad suite of products; it also promotes credit payment options, relevant to the customer, earlier in the shopping experience. The credit application is simple and easy, offers prefilled fields and prescreens customers in real-time, allowing for immediate credit approval without leaving the brand partner’s site, thereby improving the customer’s shopping experience and our brand partner’s checkout conversion rate. Across all product offerings, we remain focused on creating an exceptional digital and mobile experience for our customers, which we believe improves our competitive position and drives future growth.

For additional information relating to our business, business strategy and products and services, see “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations – Business Environment.”

Tabl e of Contents

Technology/Systems

We leverage information and technology to help achieve our business objectives and to develop and deliver products and services that satisfy our brand partners’ and customers’ needs, all while seeking to enhance our governance and control over the availability, quality and security of our data.

A key part of our strategic focus is the development and use of resilient, efficient and flexible computer and operational systems to deliver growth for our brand partners, support sophisticated marketing and account management strategies, service our customers, and develop and scale new and diversified products. We believe the continued development and integration of these systems is an important part of our efforts to reduce costs, improve quality and security, and provide faster, more flexible technology services. Consequently, we continuously review capabilities and develop or acquire systems, processes and competencies to meet our unique business requirements, including strategic investments in cloud capabilities, machine learning and AI, emerging technologies and automation, and data analytics.

As part of our continuous efforts to review and improve our technologies, we may either develop such capabilities internally or use third-party service providers who have the ability to deliver technology that is of higher quality, lower cost, or both. Specifically, we rely on third parties to help us deliver systems and operational infrastructure, these relationships include (but are not limited to): Amazon Web Services and Microsoft for our cloud infrastructure, and Fiserv for our credit card processing services, as previously reported.

We are committed to safeguarding our customers’ and our own information and technology, implementing backup and recovery systems, and generally require the same of our third-party service providers. We take measures that are designed to mitigate against known attacks and use internal and external resources to scan for vulnerabilities in the platforms, systems, and applications necessary for delivering our products and services. We cannot guarantee, however, that our cybersecurity risk management program and processes, or those of our third-party service providers, including our policies, controls or procedures, will be fully implemented, adhered to, or effective in protecting both our customers’ and our own information and technology from cyberattacks. For a discussion of the risks associated with our use of technology systems, see “Part I—Item 1A. Risk Factors” under the heading “Cybersecurity, Technology and Vendor Risks.”

Disaster and Contingency Planning

We operate, either internally or through third-party service providers, multiple data processing centers to store and otherwise process our customer transaction data. Given the significant amount of data that we or our third-party service providers manage, much of which is real-time data to support our partners’ commerce initiatives, we have established redundant capabilities for our data centers. We have a number of safeguards in place that are designed to protect us from data-related risks and in the event of a disaster, to restore our data centers’ systems. For additional information, see “Item 1A. Risk Factors – Risk Management – Operational Risk.”

Protection of Intellectual Property and Other Proprietary Rights

We rely on a combination of patents, copyrights, trademarks, and trade secrets (and corresponding laws relating to such intellectual property), confidentiality procedures, contractual provisions, and other similar measures to protect our technology and proprietary information used in our business. We generally enter into confidentiality agreements with our employees, consultants and third-party business partners to protect our proprietary information. We control access to and distribution of our technology and its related documentation and other proprietary information through licenses and contractual restrictions. Despite our efforts to protect our technology and proprietary rights, unauthorized parties may attempt to copy or otherwise obtain the use of our technology that we consider proprietary, and third parties may attempt to develop similar technology independently. We have a number of domestic and foreign patents and pending patent applications. We pursue protection of our trademarks through registration, primarily in the United States, although we also have either registered trademarks or applications pending for certain marks in other countries. We maintain a trade secret program for certain proprietary intellectual property for which we choose not to seek patent or copyright protection. No individual patent, copyright, or trademark is material to us or our business.

Competition

The markets for our products and services are highly competitive, continuously changing, highly innovative, and subject to regulatory scrutiny and oversight. We compete with a wide range of businesses, including major financial institutions and financial technology firms, or fintechs. Some of our current and potential competitors may be larger than we are, have

Tabl e of Contents

larger customer bases, greater brand recognition, longer operating histories, a dominant or more secure position, broader geographic scope, volume, scale, resources, and market share than we do, or offer products and services that we do not offer. Other competitors may be smaller or younger companies that are more agile in responding quickly to regulatory and technological changes. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, emerging competitors, business alliances, shifting consumer habits and user needs, price sensitivity on the part of merchants and consumers, and frequent introductions of new products and services. The consumer credit and payments industry is highly competitive and we face an increasingly dynamic industry as emerging technologies enter the marketplace.

In competing to acquire and retain the business of brand partners and customers, our primary competition is with other financial institutions whose marketing focus has been on developing credit card programs with attractive value propositions, high spend and consequentially large revolving balances. These competitors further drive their businesses by cross-selling their other financial products to their cardholders. We also compete for brand partners, including on program financial and other terms, underwriting standards and capabilities, marketing expertise, service levels, the breadth of our product and service offerings, digital, technological and integration capabilities, brand recognition and reputation. We focus on retailers and brand partners that understand the competitive advantage of building a loyal customer base. We have a long history of effectively analyzing transaction data we obtain through partner loyalty programs and managing our lending programs, including customer specific transaction data and overall consumer spending patterns, to develop and implement successful marketing strategies for our partners.

As a form of payment, our customers have numerous consumer credit and other payment options available to them, and our products compete with cash, checks, electronic bank transfers, debit cards, general purpose credit cards (including those on the Visa, MasterCard, American Express and Discover Card networks), various forms of consumer installment loans and split-pay products, other private label credit card brands, prepaid cards, digital wallets and mobile payment solutions, and other tools that simplify and personalize shopping experiences for consumers and merchants. Among other factors, our products compete with these other forms of payment on the basis of interest rates and fees, credit limits, reward programs and other product features. As the payments industry continues to evolve, in the future we expect increasing competition from new and non-traditional competitors, such as fintechs, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce (in which autonomous AI agents initiate and execute transactions on behalf of users), digital payment platforms and currencies, including stablecoins, and other alternative payment and deposit solutions. For example, in July 2025, President Trump signed the Guiding and Establishing National Innovation for U.S. Stablecoins Act, or the “GENIUS Act,” into law, establishing a federal licensing and supervisory framework for payment stablecoins and their issuers. The GENIUS Act may accelerate and increase the competition that non-traditional financial institutions pose to banks’ payment services, as well as adverse impacts to our deposit business and the value proposition of our customer loyalty and rewards programs. To the extent the use of stablecoins matures, stablecoins could achieve broad adoption through regulated issuance by traditional banks, fintechs and other market entrants, as well as being integrated in closed loop systems operated by large digital ecosystems and platforms. Moreover, some of our competitors, including new and emerging competitors in the digital and mobile payments space, are not subject to the same regulatory requirements or legislative scrutiny to which we are, which could place us at a competitive disadvantage.

In our retail deposits business, we have acquisition and servicing capabilities similar to other direct-banking competitors. We compete for deposits with traditional banks, and in seeking to grow our Bread Savings platform, we compete with other banks that have direct-banking models similar to ours. Competition among direct banks is intense because online banking provides customers the ability to quickly and easily deposit and withdraw funds, and open and close accounts in favor of products and services offered by competitors. As noted above, to the extent the use of stablecoins matures, stablecoins may also serve as an alternative to traditional deposits.

Supervision and Regulation

We operate primarily through our insured depository institution subsidiaries, Comenity Bank (CB) and Comenity Capital Bank (CCB), which, as noted above, together are referred to herein as the “Banks.” Federal and state laws and regulations extensively regulate the operations of the Banks. This regulatory framework is intended to protect individual consumers, depositors, the Deposit Insurance Fund (DIF) of the FDIC and the U.S. banking system as a whole, rather than for the protection of stockholders and creditors. Set forth below is a summary of the significant laws and regulations applicable to each of CB and CCB. The description that follows is qualified in its entirety by reference to the full text of the statutes, regulations, and supervisory policies that are described. Such statutes, regulations, and supervisory policies are subject to ongoing review by Congress, state legislatures, and federal and state regulatory agencies. A change in any of the statutes,

Tabl e of Contents

regulations, or supervisory policies applicable to CB and/or CCB, or in the leadership or direction of our regulators, could have a material effect on our operations or financial condition. Further, while the current Presidential Administration and the congressional majorities in the U.S. Senate and House of Representatives support a reduced regulatory burden, the scope of regulation and the intensity of supervision will likely remain uncertain even in the current regulatory and political environments.

CB is a Delaware-chartered bank operating as a credit card bank under a Competitive Equality Banking Act (CEBA) exemption from the definition of “bank” under the Bank Holding Company Act (BHC Act). To maintain its status as a CEBA credit card bank, CB must continue to comply with the following requirements:

• engage only in credit card operations;

• do not accept demand deposits or deposits that the depositor may withdraw by check or similar means for payment to third parties;

• do not accept any savings or time deposits of less than $100,000, except for deposits pledged as collateral for its extensions of credit;

• maintain only one office that accepts deposits; and

• do not engage in the business of making commercial loans (except credit card loans to certain small businesses).

CB is subject to prudential regulation, supervision and examination by the Delaware Office of the State Bank Commissioner, as its chartering authority, and the FDIC as its primary federal regulator. CB’s deposits are insured by the FDIC up to the applicable deposit insurance limits in accordance with applicable law and FDIC regulations. CB is not a member of the Federal Reserve System.

CCB is a Utah-chartered industrial bank. As an industrial bank, CCB is exempt from the definition of “bank” under the BHC Act. CCB is subject to prudential regulation, supervision and examination by the Utah Department of Financial Institutions (UDFI), as its chartering authority, and the FDIC as its primary federal regulator. CCB’s deposits are insured by the FDIC up to the applicable deposit insurance limits in accordance with applicable law and FDIC regulations. CCB is not a member of the Federal Reserve System.

Planned Merger of CB with and into CCB

On December 17, 2025, we filed applications with the federal and respective state banking regulators for permission to merge CB with and into CCB, with CCB being the surviving entity. Pending regulatory approval and the expiration of any applicable waiting periods, the merger of CB and CCB is expected to occur in the second half of 2026. The proposed merger is designed to streamline and reduce the regulatory complexity of our banking operations and is expected to result in a number of operational and financial benefits, including a simplified regulatory framework, improved access to the retail deposit funding market, greater flexibility in managing our securitization activities, and other liquidity and capital risk management benefits. The merger is not expected to have a significant impact on our consolidated financial position, results of operations, or liquidity. Assuming the merger is consummated, the resulting bank, CCB, would remain headquartered in Draper, Utah, and would have total assets of approximately $21.4 billion, total deposits of approximately $14.1 billion, and Tier I capital of $2.8 billion, in each case as of December 31, 2025, on a pro forma basis. The resulting bank would be a Utah-chartered industrial bank that is not a member of the Federal Reserve System. We cannot provide any assurance that the merger will be approved, or that we will be successful in realizing the expected operational and financial benefits of the merger.

Consumer Financial Protection Bureau Supervision

The Consumer Financial Protection Bureau (CFPB) promulgates regulations for the federal consumer financial protection laws and supervises and examines large banks (those with more than $10 billion of total assets) with respect to those laws. Banks in a multi-bank organization, such as CB and CCB, are subject to supervision and examination by the CFPB with respect to the federal consumer financial protection laws if at least one bank reports total assets over $10 billion for four consecutive quarters, which CCB has, and thus both Banks are subject to supervision and examination by the CFPB with respect to federal consumer protection laws.

Regulation of Bread Financial Holdings, Inc.

Because neither CB nor CCB is considered a “bank” within the meaning of the BHC Act, the Parent Company is not a bank holding company (BHC) subject to regulation thereunder. If any of our entities became subject to regulation as a

Tabl e of Contents

BHC, among other things, BFH and our non-bank subsidiaries would be subject to regulation, supervision and examination by the Board of Governors of the Federal Reserve System (Federal Reserve Board or FRB) and our operations would be limited to activities that are closely related to banking. If the Parent Company were to qualify as a financial holding company (FHC), operations could include those activities that are financial in nature. However, under Section 616 of the Dodd-Frank Act, any company that directly or indirectly controls an insured depository institution is required to serve as a source of financial strength to its subsidiary institution and may not conduct its operations in an unsafe or unsound manner. This doctrine is commonly known as the “Source of Strength” doctrine. As such a company, this means that BFH must stand ready to use available resources to provide adequate capital funds to the Banks during periods of financial stress or adversity and should maintain the financial flexibility and capital-raising capacity to obtain additional funding resources to support the Banks. This support may be required at times when BFH might otherwise have determined not to provide it or when doing so is not otherwise in the interests of BFH or its stockholders or creditors. BFH’s failure to meet its obligation to serve as a source of strength to the Banks may be considered an unsafe and unsound banking practice. In that regard, although the Parent Company is not a BHC, we seek to maintain capital levels and ratios in excess of the minimums required for a BHC.

Separately, under Utah state law the Parent Company is subject to examination by the UDFI. Under that statutory authority, the UDFI subjects the Parent Company to periodic inspections to determine the degree to which it serves as source of financial and managerial strength to CCB, and to understand the business activities conducted outside CCB.

Regulation of the Banks

Federal and state banking laws and regulations govern, among other things, the scope of a bank’s business, the investments a bank may make, the reserves against deposits a bank must maintain, the loans a bank makes and collateral it takes, the activities of a bank with respect to mergers and acquisitions, management practices, and numerous other aspects of our operations.

Examinations by regulators consider not only compliance with applicable laws, regulations, and supervisory policies of the agency, but also capital levels, asset quality, risk management effectiveness, the ability and performance of management and the board of directors, the effectiveness of internal controls, earnings, liquidity, and various other factors. Following examinations by its bank regulators, the Banks receive supervisory findings and ultimately are assigned supervisory ratings. Examination reports, supervisory ratings, and other actions under this supervisory framework, which are considered confidential supervisory information, can impact the conduct, growth, and profitability of our operations, possibly to a significant degree.

Regulatory Capital Requirements

The Banks are subject to certain risk-based capital and leverage ratio requirements under the Basel Committee on Banking Supervision standardized approach for U.S. banking organizations adopted by the FDIC. These rules implement the Basel III international regulatory capital standards in the United States, as well as certain provisions of the Dodd-Frank Act. These quantitative calculations are minimums, and the FDIC may determine that a bank, based on size, complexity, or risk profile, must maintain a higher level of capital to operate in a safe and sound manner.

Under the Basel III capital rules, the Banks’ assets, exposures, and certain off-balance sheet items are subject to risk weights used to determine CB’s and CCB’s risk-weighted assets, which then are used to determine the minimum capital that CB and CCB should keep as reserves to reduce the risk of insolvency. These risk-weighted assets are used to calculate the following minimum capital ratios for the Banks:

• Common Equity Tier 1 (CET1) Risk-Based Capital Ratio – the ratio of CET1 capital to risk-weighted assets. In the calculation of CET1 capital, we follow the Basel III Standardized Approach. CET1 capital primarily includes common stockholders’ equity subject to certain regulatory adjustments and deductions, including for goodwill and intangible assets, net, certain deferred tax assets, and accumulated other comprehensive income or loss.

• Tier 1 Risk-Based Capital Ratio – the ratio of Tier 1 capital to risk-weighted assets. In the calculation of Tier 1 capital, we follow the Basel III Standardized Approach. Tier 1 capital is primarily comprised of CET1 capital, perpetual preferred stock, and certain qualifying capital instruments. For us, until the fourth quarter of 2025 when we completed our first issuance of perpetual preferred stock, this ratio was the same as the CET1 Risk-Based Capital Ratio because we did not have any perpetual preferred stock or other qualifying capital instruments that would adjust the ratio.

Tabl e of Contents

• Total Risk-Based Capital Ratio – the ratio of total capital, including CET1 capital, Tier 1 capital, and Tier 2 capital, to risk-weighted assets. In the calculation of total capital, we follow the Basel III Standardized Approach. Tier 2 capital primarily includes qualifying subordinated debt and qualifying allowance for credit losses.

The Banks are also subject to the requirements of a fourth ratio, the Leverage ratio, which itself does not incorporate risk-weighted assets:

• Tier 1 Leverage Ratio – the ratio of Tier 1 capital to quarterly average assets (net of goodwill, certain other intangible assets, and certain other deductions).

The Basel III capital rules require a minimum CET1 Risk-Based Capital Ratio of 4.5%, a minimum Tier 1 Risk-Based Capital Ratio of 6.0%, and a minimum Total Risk-Based Capital Ratio of 8.0%. In addition to meeting the minimum capital requirements, under the Basel III capital rules, the Banks must also maintain the required 2.5% Capital Conservation Buffer to avoid becoming subject to restrictions on capital distributions and certain discretionary bonus payments to executive management. The Capital Conservation Buffer is calculated as a ratio of CET1 capital to risk-weighted assets, and it essentially increases the required minimum risk-based capital ratios. As a result, the Banks must maintain a CET1 Risk-Based Capital Ratio of at least 7%, a Tier 1 Risk-Based Capital Ratio of at least 8.5% and a Total Risk-Based Capital Ratio of at least 10.5% to avoid being subject to the noted restrictions. The Tier 1 Leverage Ratio is not impacted by the Capital Conservation Buffer; the required minimum Tier 1 Leverage Ratio for all banks and BHCs is 4%.

A bank, however, may be considered well-capitalized while remaining out of compliance with the Capital Conservation Buffer. To be considered well-capitalized, the Banks must maintain the following capital ratios which are in excess of the minimums described above:

• CET1 Risk-Based Capital Ratio of 6.5% or greater;

• Tier 1 Risk-Based Capital Ratio of 8.0% or greater;

• Total Risk-Based Capital Ratio of 10.0% or greater; and

• Tier 1 Leverage Ratio of 5.0% or greater.

Failure to be well-capitalized or to meet minimum capital requirements could result in certain mandatory and possible additional discretionary actions by regulators that, if undertaken, could have a material adverse effect on our operations or financial condition. Failure to be well-capitalized or to meet minimum capital requirements could also result in restrictions on the Banks’ ability to pay dividends or otherwise distribute capital or to receive regulatory approval of applications. The Banks seek to maintain capital levels and ratios in excess of the minimum regulatory requirements inclusive of the 2.5% Capital Conservation Buffer. As of December 31, 2025, the Banks’ regulatory capital ratios were above the well-capitalized standards, inclusive of the Capital Conservation Buffer.

Dividends

Bread Financial Holdings, Inc. is a legal entity separate and distinct from the Banks. Declaration and payment of cash dividends on, or repurchases of, our equity securities depends upon cash dividend payments to Bread Financial Holdings, Inc. by the Banks, which are our primary source of revenue and cash flow. As state-chartered banks, under Delaware or Utah law, as applicable, the Banks are subject to regulatory restrictions on the payment and amounts of dividends. Further, the ability of the Banks to pay dividends to Bread Financial Holdings, Inc. is also subject to their profitability, financial condition, capital expenditures and other cash flow requirements, and any such dividends are also subject to the approval of the Board of Directors of the applicable Bank. No assurances can be given that the Banks will, in any circumstances, pay dividends to Bread Financial Holdings, Inc.

The payment of dividends by the Banks and Bread Financial Holdings, Inc. and any repurchases of our equity securities may also be affected by other factors, such as the requirement to maintain adequate capital above regulatory requirements. The Federal Banking Agencies, being the Office of the Comptroller of the Currency (OCC), the FRB and the FDIC, have indicated that paying dividends that deplete a bank’s capital base to an inadequate level would be an unsafe and unsound banking practice; a bank may not pay any dividend if payment would cause it to become undercapitalized or if it already is undercapitalized. Moreover, the Federal Banking Agencies have issued policy statements that provide that banks should generally only pay dividends out of current operating earnings. The Federal Banking Agencies have the authority to prohibit banks from paying a dividend if it is deemed that such payment would be an unsafe or unsound practice. The FDIC also may require its prior consent before a bank pays a dividend that exceeds retained earnings or comes from the surplus account of common or preferred stock.

Tabl e of Contents

Prompt Corrective Action and Safety and Soundness

Under applicable “prompt corrective action” (PCA) statutes and regulations, insured depository institutions, such as the Banks, are placed into one of five capital categories, ranging from “well capitalized” to “critically undercapitalized.” The PCA statute and regulations provide for progressively more stringent supervisory measures as an institution’s capital category declines. An institution that is not well capitalized is generally prohibited from accepting brokered deposits and offering interest rates on deposits higher than the prevailing rate in its market. An undercapitalized institution must submit an acceptable restoration plan to the appropriate Federal Banking Agency. One requisite element of such a plan is that the institution’s parent holding company guarantee the institution’s compliance with the plan, subject to certain limitations. As of December 31, 2025, the Banks qualified as “well capitalized” under applicable regulatory capital standards.

Insured depository institutions may also be subject to potential enforcement actions of varying levels of severity by the Federal Banking Agencies for unsafe or unsound practices in conducting their businesses, or for violation of any law, rule, regulation, condition imposed in writing by the agency, or term of a written agreement with the agency. In more serious cases, enforcement actions may include:

• the issuance of directives to increase capital;

• the issuance of formal and informal agreements;

• the imposition of civil monetary penalties;

• the issuance of a cease and desist order that can be judicially enforced;

• the issuance of removal and prohibition orders against officers, directors, and other institution-affiliated parties;

• the termination of the institution’s deposit insurance;

• the appointment of a conservator or receiver for the institution; and

• the enforcement of such actions through injunctions or restraining orders based upon a judicial determination that the FDIC, as receiver, would be harmed if such equitable relief was not granted.

Reserve Requirements

FRB regulations require insured depository institutions to maintain cash reserves against their transaction accounts, primarily interest-bearing and regular checking accounts, as well as cardholder credit balances. The required cash reserves can be in the form of vault cash and, if vault cash does not fully satisfy the required cash reserves, in the form of a balance maintained with the Federal Reserve Banks; we maintain a significant majority of our liquidity portfolio on deposit within the Federal Reserve banking system.

The regulations authorize different ranges of reserve requirement ratios depending on the amount of transaction account balances held. A zero percent reserve requirement ratio is applied to transaction balances below the reserve requirement exemption amount. In addition, transaction account balances maintained over the reserve requirement exemption amount and up to a certain amount, known as the low reserve tranche, may be subject to a reserve requirement ratio of not more than 3 percent (and which may be zero), and transaction account balances over the low reserve tranche may be subject to a reserve requirement ratio of not more than 14 percent (and which may be zero). The reserve requirement exemption and the low reserve tranche are both subject to adjustment on an annual basis, as applicable, by the FRB. Effective March 26, 2020, in response to the COVID-19 pandemic, the reserve requirement ratios on all net transaction accounts were reduced to zero percent, thereby eliminating reserve requirements for all depository institutions. The annual indexation of the reserve requirement exemption amount and the low reserve tranche for the years 2021-2026 was required by statute, but did not affect depository institutions’ reserve requirements, which remain at zero.

Federal Deposit Insurance

The deposits of the Banks are insured up to applicable limits by the DIF of the FDIC. The current standard maximum deposit insurance amount is $250,000 per depositor, per insured depository institution, per ownership category, in accordance with applicable FDIC regulations.

The FDIC uses a risk-based assessment system that imposes insurance premiums based on a risk matrix that takes into account the risks attributable to different categories and concentrations of an insured depository institution’s assets and liabilities, and supervisory rating. The base for insurance assessments is the average consolidated total assets less the average tangible equity capital of an institution. Assessment rates are calculated using formulas that take into account the risk of the institution being assessed.

Tabl e of Contents

Under the Federal Deposit Insurance Act (the FDIA), the FDIC may terminate an institution’s deposit insurance upon a finding that the institution has engaged in unsafe and unsound practices, is in an unsafe and unsound condition or has violated any applicable law, regulation, order or condition imposed by the FDIC.

Cross Guaranty Provisions

The cross guaranty provisions of the FDIA require each insured depository institution controlled by the same parent company to be financially responsible for the failure or resolution costs of any affiliated insured depository institution. Generally, the amount of the cross guaranty liability is equal to the estimated loss to the DIF for the resolution of the affiliated institution(s) in default. The FDIC’s claim under the cross guaranty provision is superior to claims of stockholders of the insured depository institution or its parent company and to most claims arising out of obligations or liabilities owed to affiliates of the institution, but is subordinate to claims of depositors, secured creditors and holders of subordinated debt (other than affiliates) of the commonly controlled insured depository institution. The FDIC may decline to enforce the cross guaranty provision if it determines that a waiver is in the best interest of the DIF.

Depositor Preference

The FDIA provides that, in the event of the liquidation or other resolution of an insured depository institution, the claims of depositors of the institution, including the claims of the FDIC as subrogee of insured depositors, and certain claims for administrative expenses of the FDIC as a receiver, will have priority over other general unsecured claims against the institution. If an insured depository institution fails, insured and uninsured depositors, along with the FDIC, will have priority in payment ahead of unsecured, non-deposit creditors, including the parent company, with respect to any extensions of credit they have made to such insured depository institution.

Restrictions on Transactions with Affiliates and Insiders

Sections 23A and 23B of the Federal Reserve Act and the FRB’s Regulation W limit the extent to which the Parent Company and its non-bank affiliates (including non-bank subsidiaries) can borrow or otherwise obtain credit from, or engage in other covered transactions with either of the Banks, which may have the effect of limiting the extent to which either Bank can finance or otherwise supply funds to the Parent Company or its non-bank affiliates. “Covered transactions” are subject to quantitative and qualitative limits and include:

• loans or extensions of credit;

• purchases of or investments in securities;

• purchases of assets, including assets subject to an agreement to repurchase;

• acceptance of securities as collateral for a loan or extension of credit;

• a derivative transaction to the extent that the transaction causes the bank to have a credit exposure to the affiliate; or

• the issuance of a guarantee, acceptance, or letter of credit.

In addition, with certain exceptions, each loan or extension of credit by either Bank to the Parent Company or its non-bank affiliates must be secured by collateral with a market value ranging from 100% to 130% of the amount of the loan or extension of credit, depending on the type of collateral. Further, all transactions between the Banks and the Parent Company or any non-bank affiliates must be on arm’s length terms and consistent with safe and sound banking practices. The Banks are also prohibited from purchasing low-quality assets from the Parent Company or any non-bank affiliates.

The Banks are also subject to Sections 22(g) and 22(h) of the Federal Reserve Act, and the FRB’s implementing Regulation O as made applicable to the Banks by the regulations of the FDIC. These provisions impose limitations on loans and extensions of credit by the Banks to their executive officers, directors and principal stockholders and their related interests, as well as those of the Banks’ affiliates. The limitations restrict the terms and aggregate amount of such transactions. Regulation O also imposes certain recordkeeping and reporting requirements.

Volcker Rule

Section 619 of the Dodd-Frank Act, commonly known as the Volcker Rule, restricts the ability of banking entities, such as Bread Financial Holdings, Inc. and the Banks, from (i) engaging in proprietary trading and (ii) investing in or sponsoring covered funds, subject to certain limited exceptions. Under the Volcker Rule, the term covered funds is defined as any issuer that would be an investment company under the Investment Company Act but for the exemption in section 3(c)(1) or 3(c)(7) of that Act, which includes collateralized loan obligation securities, collateralized debt obligation securities, and

Tabl e of Contents

certain foreign funds. There are also several exemptions from the definition of covered funds, including, among other things, loan securitizations, joint ventures, certain types of foreign funds, entities issuing asset-backed commercial paper, and registered investment companies. We do not engage in proprietary trading or invest in or sponsor covered funds.

Incentive Compensation

The Federal Banking Agencies have issued comprehensive guidance intended to ensure that the incentive compensation policies of banking organizations do not undermine the safety and soundness of those organizations by encouraging excessive risk-taking. The incentive compensation guidance sets expectations for banking organizations concerning their incentive compensation arrangements and related risk management, control and governance processes. The incentive compensation guidance, which covers all employees that have the ability to materially affect the risk profile of an organization, either individually or as part of a group, is based upon three primary principles: (i) balanced risk-taking incentives; (ii) compatibility with effective controls and risk management; and (iii) strong corporate governance. Any deficiencies in compensation practices that are identified may be incorporated into the organization’s supervisory ratings, which can affect its ability to make acquisitions or take other actions. In addition, under the incentive compensation guidance, a banking organization’s federal supervisor may initiate enforcement action if the organization’s incentive compensation arrangements pose a risk to the safety and soundness of the organization. Further, the Basel III capital rules limit discretionary bonus payments to bank executives if the institution’s regulatory capital ratios fail to exceed certain thresholds.

The Dodd-Frank Act requires the Federal Banking Agencies and the Securities and Exchange Commission (SEC) to establish joint regulations or guidelines prohibiting incentive-based payment arrangements at specified regulated entities, including the Banks, that encourage inappropriate risks, (i) by providing an executive officer, employee, director or principal stockholder with excessive compensation, fees, or benefits, or (ii) that could lead to material financial loss to the entity. Whenever these joint regulations or guidelines are finalized, which does not appear imminent, the manner and form may impact our executive compensation.

The Dodd-Frank Act also requires publicly traded companies to give stockholders a non-binding “say-on-pay” vote on executive compensation at least every three years and on so-called “golden parachute” payments in connection with approvals of mergers and acquisitions. We have held our “say-on-pay” vote annually.

USA PATRIOT Act

Under Title III of the USA PATRIOT Act, all financial institutions are required to take certain measures to identify their customers, prevent money laundering, monitor customer transactions, and report suspicious activity to U.S. law enforcement agencies. Financial institutions are also required to respond to requests for information from Federal Banking Agencies and law enforcement agencies. Information sharing among financial institutions for the above purposes is encouraged by an exemption granted to complying financial institutions from the privacy provisions of the Gramm-Leach-Bliley Act (GLBA) and other privacy laws. Financial institutions that hold correspondent accounts for foreign banks or provide private banking services to foreign individuals are required to take measures to avoid dealing with certain foreign individuals or entities, including foreign banks with profiles that raise money laundering concerns, and are prohibited from dealing with foreign “shell banks” and persons from jurisdictions of particular concern. The Federal Banking Agencies and the Secretary of the Treasury have adopted regulations to implement several of these provisions.

Furthermore, financial institutions are required to establish internal anti-money laundering programs. These programs must include policies, procedures, processes and other internal controls designed to monitor, identify, manage and mitigate the risk of money laundering or terrorist financing posed by a financial institution’s products, services, customers and geographic locale. These controls include procedures and processes to detect and report suspicious transactions, perform customer due diligence, respond to requests from law enforcement, identify and verify a legal entity customer’s beneficial owner(s) at the time a new account is opened and to understand the nature and purpose of the customer relationship, and meet all recordkeeping and reporting requirements related to particular transactions involving currency or monetary instruments. These programs must be coordinated by a compliance officer, undergo annual independent audits to assess effectiveness, and require training of employees. The effectiveness of a financial institution in combating money laundering activities is a factor to be considered in any application submitted by a financial institution to engage in a merger transaction under the Bank Merger Act. Failure to comply with these regulations may result in fines, penalties, lawsuits, regulatory sanctions, reputational damage, or restrictions on business. Our Banks have in place a Bank Secrecy Act and USA PATRIOT Act compliance program and engage in very few transactions of any kind with foreign financial institutions or foreign persons.

Tabl e of Contents

Office of Foreign Assets Control Regulations

The United States government has imposed economic sanctions that affect transactions with designated foreign countries, nationals, and others. These are typically known as the “OFAC rules” based on their administration by the U.S. Treasury Department Office of Foreign Assets Control (OFAC). The OFAC administered sanctions targeting countries take many different forms. Generally, OFAC sanctions contain one or more of the following elements: (i) restrictions on trade with or investment in a sanctioned country, including prohibitions against direct or indirect imports from and exports to a sanctioned country and prohibitions on U.S. persons engaging in financial transactions relating to making investments in, or providing investment-related advice or assistance to, a sanctioned country; and (ii) a blocking of assets in which the government or specially designated nationals of the sanctioned country have an interest, by prohibiting transfers of property subject to U.S. jurisdiction (including property in the possession or control of U.S. persons). Blocked assets (e.g., property and bank deposits) cannot be paid out, withdrawn, set off, or transferred in any manner without a license from the OFAC. Failure to comply with these sanctions could have serious legal and reputational consequences.

Third-Party Risk Management

The FDIC, along with the other Federal Banking Agencies, issued final guidance on managing risks associated with third-party relationships in June 2023. The guidance states that sound third-party risk management takes into account the level of risk, complexity, and size of the bank and the nature of the third-party relationship. In July 2024, the Federal Banking Agencies released a joint statement on banks’ arrangements with third parties to deliver bank deposit products and services. The joint statement cautions that operational and compliance risks arise when banks hand over substantial control of key functions to a third-party. Banks can manage risk through policies and procedures governing organizational structures, lines of reporting, expertise and staffing, internal controls and audit functions. Banks can also conduct risk assessments to assess controls for mitigating risk relating to specific third-party arrangements, engage in due diligence of third-party relationships, set appropriate contractual relationships, and establish monitoring routines to identify risks.

Identity Theft

The Fair and Accurate Credit Transactions Act of 2003 (FACT Act) amended the Fair Credit Reporting Act (FCRA) to combat identity theft, along with its implementing regulation, Regulation V, require insured state nonmember banks, such as the Banks, to establish programs to address risks of identity theft. The rules require financial institutions and creditors to develop and implement a written identity theft prevention program that is designed to detect, prevent, and mitigate identity theft in connection with certain existing accounts or the opening of new accounts. The rules include guidelines to assist entities in the formulation and maintenance of programs that would satisfy these requirements. In addition, the rules establish special requirements for any credit and debit card issuers that are subject to the jurisdiction of the FDIC to assess the validity of notifications of changes of address under certain circumstances. The Banks implemented an ID Theft Prevention Program (Program), approved by their Boards of Directors, in compliance with these requirements. The Banks review and make enhancements to the Program on an ongoing basis.

Open Banking

In October 2024, the CFPB finalized a rule implementing a section of the Dodd-Frank Act, which requires certain entities, including the Banks, to, among other things, make available to a consumer, upon request, information in its control or possession concerning the consumer financial product or service that the consumer obtained from that entity. The final rule also requires data providers holding a consumer account, such as the Banks, to establish a developer interface satisfying certain data security specifications and other standards, through which the data provider can receive requests for, and provide specific types of data covered by the rule in electronic, usable form to authorized third parties, including data aggregators. Under the final rule, data providers are prohibited from charging consumers or third parties fees for processing these consumer data requests. The final rule also places certain data security, authorization, and other obligations on third parties accessing covered data from data providers, which could include the Banks when acting in certain capacities. The final rule also requires third parties to limit their collection, use, and retention of the data received to only what is reasonably necessary to provide the consumers’ requested product or service. In October 2024, industry trade associations filed a lawsuit against the CFPB alleging the agency exceeded its statutory authority and asking the court to vacate the rule. In July 2025, the District Court for the Eastern District of Kentucky granted the motion by the CFPB to stay the proceedings while the CFPB conducts a rulemaking to revise the final rule. In August 2025, the CFPB published an advance notice of proposed rulemaking requesting input on certain aspects of the rule it was reconsidering, and in October 2025 the District Court entered a preliminary injunction barring enforcement of the rule while it is being reconsidered by the CFPB.

Tabl e of Contents

Community Reinvestment Act

The Community Reinvestment Act of 1977 (CRA) is intended to encourage banks to help meet the credit needs of their service areas, including low- and moderate-income neighborhoods, consistent with safe and sound business practices. The relevant Federal Banking Agency, the FDIC in the Banks’ case, examines each bank and assigns it a public CRA rating. A bank’s record of fair lending compliance is part of the resulting CRA examination report. CRA performance evaluations are based on a four-tiered rating system: Outstanding, Satisfactory, Needs to Improve and Substantial Noncompliance. CRA performance evaluations are considered in evaluating applications for, e.g., mergers, acquisitions and applications to open branches. The Banks each received a CRA rating of “Outstanding” at their most recent CRA examinations.

In October 2023, the Federal Banking Agencies issued a final rule overhauling the process and substantive tests used by the agencies to assess a bank’s record of meeting the credit needs of its community. In February 2024, industry trade associations filed a lawsuit against the Federal Banking Agencies alleging the agencies exceeded their statutory authority and asking the court to vacate the final rule. In March 2024, the District Court for the Northern District of Texas enjoined the Federal Banking Agencies from enforcing the final rule. In July 2025, the Federal Banking Agencies jointly issued a proposal to rescind the 2023 final rule. The agencies announced that because the 2023 final rule was subject to legal action and had not taken effect, the agencies continue to apply the regulatory framework in effect prior to the 2023 final rule.

Consumer Protection Regulation and Supervision

We are subject to the federal consumer financial protection laws implemented by the CFPB, as well as by other federal agencies including the FDIC and Federal Trade Commission. The CFPB has broad rulemaking authority that has impacted, and may continue to impact, the Banks’ operations, including with respect to credit card late fees and other amounts that we may charge. For example, the CFPB’s rulemaking authority may allow it to change regulations adopted in the past by other regulators, including regulations issued under the Truth in Lending Act by the FRB. We are also subject to certain state consumer protection laws, and state attorneys general and other state officials are empowered to enforce certain federal consumer protection laws and regulations. State authorities have increased their focus on and enforcement of consumer protection rules. These federal and state consumer protection laws apply to a broad range of our activities and to various aspects of our business, and include laws relating to interest rates, fair lending, disclosures of credit terms and estimated transaction costs to consumer borrowers, debt collection practices, the use and provision of information to consumer reporting agencies, and the prohibition of unfair, deceptive, or abusive acts or practices in connection with the offer, sale, or provision of consumer financial products and services. Each Bank has in place an effective compliance management system to comply with these laws and regulations.

In March 2024 the CFPB published a final rule that would have significantly reduced the safe harbor amount for late fees that credit card issuers are authorized to charge. In April 2025 the United States District Court for the Northern District of Texas entered an order and final judgment, pursuant to which the CFPB’s credit card late fee rule was vacated. As a result of the rule being vacated, it will have no force or effect, and the late fee safe harbor amounts will continue to be set as they were prior to the CFPB’s late fee rulemaking.

More generally, the CFPB’s ability to rescind, modify or interpret past regulatory guidance could reduce fee income, and increase our compliance costs and litigation exposure. Further, the CFPB has broad authority to enforce the prohibitions of “unfair, deceptive or abusive” acts or practices regardless of which agency supervises the Banks. The CFPB has taken enforcement action against other credit card issuers and financial services companies. Evolution of these standards could result in changes to pricing, practices, procedures and other activities relating to our credit card accounts in ways that could reduce the associated return from those accounts and potentially impact business growth plans. While the CFPB has taken public positions on certain matters, it is unclear what additional changes may be promulgated by the CFPB in the future and what effect, if any, such changes could have on our credit accounts and our consolidated financial condition.

During 2025 under the current Presidential Administration, the operations of the CFPB evolved significantly, with reductions in staff and more limited examinations and enforcement activities. Certain of these developments at the CFPB are subject to pending litigation, and the scope and intensity of the CFPB’s ongoing regulation of our business remains uncertain.

Tabl e of Contents

Brokered Deposits

The FDIA prohibits an insured bank from accepting brokered deposits, unless it is “well capitalized” or it is “adequately capitalized” and then also receives a waiver from the FDIC. In December 2020 the FDIC updated its regulations that implement Section 29 of the FDIA to establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits. In the third quarter of 2024, the FDIC published in the Federal Register a proposed rule that, if finalized as proposed, would have expanded the scope of deposits that constitute “brokered deposits” and therefore could potentially have caused certain of our present or prospective deposits to be treated as brokered. The FDIC withdrew this proposed rule in March 2025.

Guiding and Establishing National Innovation for U.S. Stablecoins Act

In July 2025, President Trump signed the GENIUS Act into law, establishing a federal licensing and supervisory framework for payment stablecoins and their issuers. The GENIUS Act may accelerate and increase the competition that non-traditional financial institutions pose to banks’ payment services, but may also create opportunities for banks to hold stablecoin reserve assets, custody stablecoins, or issue stablecoins. Several key provisions of the GENIUS Act require federal regulatory agencies to adopt implementing regulations, and the GENIUS Act will take effect the earlier of 18 months after its enactment or 120 days after the agencies issue final implementing regulations.

Privacy, Information Security and Data Protection

We are subject to various privacy, information security and data protection laws, including requirements concerning security breach notification. For example, we are subject to the GLBA and implementing regulations and guidance in the United States. Among other things, the GLBA: (i) imposes certain limitations on the ability of financial institutions to share consumers’ nonpublic personal information with nonaffiliated third parties; (ii) requires that financial institutions provide certain disclosures to consumers about their information collection, sharing and security practices and affords consumers the right to opt out of the institution’s disclosure of their personal financial information to nonaffiliated third parties (with certain exceptions); and (iii) requires financial institutions to develop, implement and maintain a written comprehensive information security program containing safeguards that are appropriate to the financial institution’s size and complexity, the nature and scope of the financial institution’s activities, the sensitivity of consumer information processed by the financial institution as well as plans for responding to data security breaches.

The State of California enacted the California Consumer Privacy Act (CCPA) in 2018, which was modified in 2020 through a voter referendum adopting the California Privacy Rights Act. Among other requirements, the CCPA requires covered businesses to provide California residents with the right to know what information is being collected from them and whether such information is sold or disclosed to third parties. The statute also allows California residents to access, delete, correct, and opt out of the sale and sharing of personal information that has been collected by covered businesses in certain circumstances. The CCPA does not apply to personal information processed pursuant to the GLBA or the California Financial Information Privacy Act. We are a covered business under the CCPA, which became effective on January 1, 2020. The enactment of the CCPA has prompted a wave of legislative developments in other states, which has created a patchwork of overlapping but different state laws, certain of which include exemptions for GLBA-regulated entities and/or personal information.

Federal and state laws also require us to respond appropriately to data security breaches. A final rule issued by the FRB, OCC, and FDIC, which became effective in May 2022, requires banking organizations to notify their primary federal regulator of significant computer security incidents within 36 hours of determining that such an incident has occurred. The SEC has also adopted rules on Cybersecurity Risk Management, Strategy, Governance and Incident Disclosure, which, among other things, require the filing of a Current Report on Form 8-K following certain cybersecurity incidents.

We continue to monitor, and have a program in place designed to comply with, applicable privacy, information security and data protection requirements imposed by federal and state laws. However, if we experience a significant cybersecurity incident or our regulators deem our information security controls to be inadequate, we could be subject to supervisory criticism or penalties, and/or suffer reputational harm. For further discussion of privacy, data protection and cybersecurity, and related risks for our business, see “Part I—Item 1A. Risk Factors” under the headings “ Regulation in the areas of privacy, data protection, data governance, and cyber security could increase our costs and affect or limit our business opportunities and how we collect and/or use Personal Information, and any actual or perceived failure to comply with any of these new or existing laws could adversely affect our business, results of operations, or financial condition, ” “If we, our third-party providers, or brand partners fail to safeguard our confidential information and/or experience a data security

Tabl e of Contents

incident, there may be damage to our brand and reputation, material financial penalties and legal claims, which could materially adversely affect our business, results of operations, and financial condition,” and “Business interruptions, including loss of data center capacity, interruption due to cyber-attacks, loss of network connectivity or inability to utilize proprietary software of third-party vendors, could affect our ability to timely meet the needs of our partners and customers and harm our business” and “Part I—Item 1C. Cybersecurity.”

Human Capital

Providing a meaningful value proposition for our associates is one of our top priorities. We seek to enhance our associate value proposition continuously to ensure that we offer competitive rewards, career opportunities and flexible work experience, which we believe enables us to attract and retain a highly qualified and motivated workforce.

As of December 31, 2025, we employed approximately 6,000 associates worldwide, with the majority concentrated in the United States. Attracting, developing and retaining top talent is critical to our business. In making these employment-related decisions, we comply with all applicable laws. We promote an inclusive, engaged culture that empowers associates through opportunities to grow, develop and lead. Our associates have been, and will remain, the backbone of our business, and we take a holistic approach to our associates’ experiences, recognizing that an engaged workforce drives our long-term growth and sustainability. Our Board of Directors and Compensation & Human Capital Committee provide important oversight of our human capital management strategy and receive regular updates from senior management and third-party consultants on human capital trends and developments and other key human capital matters that drive our ongoing success and performance.

Associate Benefits and Well-Being

Associate well-being remains a top human capital priority, and we are committed to providing our associates with competitive total compensation, benefits and wellness resources. Our associates continue to value a flexible work experience that allows them to balance office work and remote work time. Over 90% of our associates view our flexible work arrangements as a competitive advantage relative to other potential employment opportunities, and we continue to take advantage of the engagement and productivity benefits associated with increased flexibility, as well as opportunities for connectedness and social interaction. Other associate well-being resources include mental health awareness and counseling support, wellness courses and financial education, a variety of fitness and meditation classes, a reimbursement program for eligible items, memberships, and experiences that enhance well-being and other benefits to promote mental and physical health.

While we continue to improve the competitiveness of our associate benefit offerings, it is also important for associates to make informed decisions about their health and money. When surveyed, 89% of our associates are confident they have the knowledge and skills to make informed decisions about their health and money.

Associate Experience and Engagement

Delivering an exceptional customer experience relies on our ability to cultivate an engaging and rewarding experience for our associates. We maintained high levels of associate engagement and retention in 2025. We continue to listen to and act on feedback from our associates, including through our annual Associate Experience Survey and other more frequent surveys and communications. Each year after the results of the annual Associate Experience Survey have been tabulated, our senior management presents those results to our Compensation & Human Capital Committee and our Board of Directors, including discussion regarding trends observed and actions to be taken in response to the results. Input from our Board of Directors helps inform our human capital strategies and objectives going forward.

Workforce Readiness, Growth and Advancement

At Bread Financial, we know associates have different needs to meet their career goals, including by accessing new work opportunities through our suite of mobility programs. During the year we expanded our existing mobility programs, which include internship opportunities, rotational programs, and our “Flex and Stretch” programs, that allow associates to work on projects outside of their core work responsibilities. Additionally, our six-month Apprentice Program continues to be successful. These mobility programs support our associates in their career goals, while allowing us to move talent across the organization to meet our business needs.

Tabl e of Contents

Robust training and development remain central to our human capital strategy. This year a new partnership with Pluralsight was launched to advance technical skills across the associate population. This enabled the creation of specialized skill paths in technology, an immersive cohort program for AI in Data Science, and an Operational Excellence academy offering Six Sigma, Design Thinking and AI training. In addition to career-oriented training and development, we require annual associate training to ensure ongoing adherence to responsible business practices and ethical conduct, and all associates must certify annually that they have read and will adhere to our Code of Ethics. Our Associate Relations team also conducted ethics roadshows in 2025, which were required for all leaders of people.

Inclusive Culture

We are committed to creating an inclusive culture that attracts and values diversity of thought, experience, background, skills and ideas, driving our associates’ sense of belonging. Over the past few years, we have advanced our actions and activities in support of creating a more inclusive work environment, including the maturation of our associate programs and expansion of our nine Associate Resource Groups, which are open to all associates across our locations and that nearly 1,600 unique associates have voluntarily joined. Based on our annual Associate Experience Survey, 86% of our associates feel a sense of belonging and 90% believe Bread Financial is committed to fostering a work environment of inclusion and belonging.

Sustainability Strategy

We are a financial services company dedicated to empowering our customers and optimizing opportunities to create value for all our stakeholders, while advancing long-term financial and reputational goals. We prioritize initiatives that strengthen our communities, reduce our environmental impact, promote inclusion and build financial confidence. We continue to advance the integration of environmental and social factors into our overall governance, risk management and reporting practices in ways that increase transparency and enhance the quality of our disclosures. Additional information regarding our sustainability strategy and responsible business practices can be found in our annual sustainability report published on our website at: https://investor.breadfinancial.com/sustainability/. No information from this website is incorporated by reference herein. Please also see “Human Capital” above.

Other Information

Our corporate headquarters are located at 3095 Loyalty Circle, Columbus, Ohio 43219, where our telephone number is 614-729-4000.

We file or furnish annual, quarterly and current reports, proxy statements and other information with the SEC. Our SEC filings are available to the public at the SEC’s website at www.sec.gov . You may also obtain copies of our annual, quarterly and current reports, proxy statements and certain other information filed or furnished with the SEC, as well as amendments thereto, free of charge from our website, www.BreadFinancial.com . No information from this website is incorporated by reference herein. These documents are posted to our website as soon as reasonably practicable after we have filed or furnished these documents with the SEC. We post our Audit Committee, Risk & Technology Committee, Compensation & Human Capital Committee and Nominating & Corporate Governance Committee charters, our corporate governance guidelines, and our code of ethics, code of ethics for senior financial officers, and code of ethics for Board members on our website.

Tabl e of Contents

Item 1A.    Risk Factors.

RISK FACTORS

This section should be carefully reviewed, in addition to the other information appearing in this Form 10-K, including the sections entitled “ Risk Management ” and “ Management’s Discussion and Analysis of Financial Condition and Results of Operations ” and our audited Consolidated Financial Statements and related Notes, for important information regarding risks and uncertainties that affect us. The risks and uncertainties described below are not the only ones we face. Additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, results of operations, and future prospects could be materially and adversely affected.

Summary

This risk factor summary is qualified in its entirety by reference to the complete description of our risk factors set forth immediately below.

Risks related to our macroeconomic, global, strategic, business and competitive environment include:

• Market conditions, inflation, interest rates, labor market conditions, recessionary pressures or concerns over a prolonged economic slowdown, and the related impact on consumer spending behavior, payments, debt levels, savings rates and other behavior, could have a material adverse effect on our business.

• Global political, public health and social events or conditions, including ongoing wars and military conflicts, may harm our business.

• Our unsecured loans make us reliant on the future credit performance of our customers, and if customers are unable to repay our loans, our level of future delinquency and charge-off rates will increase.

• A significant percentage of our revenue is generated through relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners, could have an adverse effect on our business.

• Our business is heavily concentrated in U.S. consumer credit, and therefore our results are more susceptible to fluctuations in the U.S. consumer credit market than a more diversified company.

• The amount of our Allowance for credit losses could adversely affect our business and may be insufficient to cover actual losses on our loans.

• We may be unable to successfully identify, complete or successfully integrate or disaggregate business acquisitions, divestitures and other strategic initiatives.

• Competition in our industry is intense, including competition from new and non-traditional competitors, such as financial technology companies, and with respect to new products, services and technologies, such as the emergence or increase in popularity of agentic commerce, digital payment platforms and currencies and other alternative payment and deposit solutions.

• Our results of operations and growth depend on our ability to retain existing partners and attract new partners, and our results are impacted, to a significant extent, on the active and effective promotion and support of our products by our partners and on the financial performance of our partners.

• Underwriting performance of acquired or new lending programs may not be consistent with existing experience.

• We rely extensively on models in managing many aspects of our business, and if they are not accurate or are misinterpreted, such factors could have a material adverse effect on our business and results of operations.

• Fraudulent activity associated with our products and services could negatively impact our operating results, brand and reputation, decreasing the use of our products and services and increasing our fraud losses.

Risks related to our liquidity, market and credit risk include:

• Adverse financial market conditions or our inability to effectively manage our funding and liquidity risk could have a material adverse effect on our business, liquidity and ability to meet our debt service requirements and other obligations.

• Our inability to effectively access the securitization or other capital markets could limit our funding opportunities for loans and other business opportunities.

• Competition for deposits and regulatory restrictions on deposit products can impact availability and cost of funds.

• Our level of indebtedness may restrict our ability to compete and grow our business.

• Our market valuation has been, and may continue to be, volatile, and returns to stockholders may be limited.

Tabl e of Contents

Risks related to our legal, regulatory and compliance environment include:

• We face various risks related to the extensive government regulation and supervision of our business, including by the FDIC, CFPB and other federal and state authorities. These risks include pending and future laws, regulations or executive actions that may adversely impact our business, including with respect to limits on credit card interest rates or late fees, interchange fees or other charges, as well as supervisory and other actions that may be taken against us by our regulators.

• Pending and future litigation could subject us to significant fines, penalties, judgments and/or requirements.

• We are a holding company and depend on dividends and other payments from our Banks, which are subject to various legal and regulatory restrictions.

• Regulations relating to privacy, information security and data protection could increase our costs, affect or limit how we collect and use personal information and adversely affect our business opportunities.

• Financial institution capital requirements may limit cash available for business operations, growth and returns to stockholders.

Risks related to cybersecurity, technology and third-party vendors include:

• We rely on third-party vendors, and could be adversely impacted if such vendors fail to fulfill their obligations.

• Failures in data protection, cybersecurity and information security, as well as business interruptions to our data centers and other systems, could critically impair our products, services and ability to conduct business.

• Our industry is subject to rapid and significant technological changes, and we may be unable to successfully develop and commercialize new or enhanced products and services. Moreover, technology transformation projects are complex undertakings, which may result in unanticipated adverse consequences.

• The development and use of AI presents risks and challenges to our business, including compliance with new AI laws and regulations, risks associated with AI models, and the malicious use of AI technology by bad actors.

Risks related to the spinoff of our former LoyaltyOne segment include potential tax and other liabilities, existing or future litigation or other disputes, or other adverse impacts.

Macroeconomic, Global, Strategic, Business and Competitive Risks

Weakness and instability in the macroeconomic environment, as well as global political, public health and social events or conditions, could have a material adverse effect on our business, results of operations and financial condition.

Macroeconomic conditions historically have affected our business, results of operations and financial condition and will continue to affect them in the future. We offer an array of payment, lending and saving solutions to consumers, and a prolonged period of economic weakness, including a recession or economic slowdown, economic and market volatility, and other adverse economic conditions, including persistent inflation, high interest rates and high levels of unemployment, could have a material adverse effect on our business, results of operations and financial condition, as these macroeconomic conditions may reduce consumer confidence and negatively impact customers’ payment and spending behavior. Some of the specific risks we face as a result of these conditions include:

• Adverse impacts on our customers’ ability and willingness to pay amounts owed to us, increasing delinquencies, defaults, charge-offs, bankruptcies and consequentially our Allowance for credit losses, and decreasing recoveries;

• Decreased consumer spending, changes in payment patterns, lower demand for credit and shifts in consumer payment behavior towards avoiding late fees, finance charges and other fees;

• Decreased reliability of the processes and modeling we use to estimate our Allowance for credit losses, particularly if unexpected variations in key inputs and assumptions cause actual losses to diverge from the projections of our modeling and our estimates become increasingly subject to management’s judgment; and

• Limitations on our ability to replace maturing liabilities and to access the capital and deposit markets to meet liquidity needs.

While we closely monitor economic conditions and indicators, including inflation, interest rates, changes in monetary policy, housing values, the state of the commercial real estate industry, energy prices, external credit bureau risk scores, consumer wages, consumer saving rates and debt levels, including student loan debt, consumer and business spending, unemployment, financial markets, government policy and concerns about the level of U.S. government debt, as well as economic and political conditions in the U.S. and global markets, the outcome of any of these conditions and indicators remains difficult to predict. During 2025, the economic scenario weightings in our credit reserve modeling continued to

Tabl e of Contents

reflect an elevated possibility of a recession, high interest rates, persistent inflation, and the increased cost of overall consumer debt. A recession or prolonged period of economic weakness would likely, among other things, adversely affect consumer discretionary spending levels and the ability and willingness of customers to pay amounts owed to us and could have a material adverse effect on our business, key credit trends, results of operations and financial condition. Moreover, the current macroeconomic environment may have a disproportionately adverse impact on us, as compared to our peers, due to our relatively higher proportion of private label credit card accounts and our deeper underwriting. In the current macroeconomic landscape, the wage growth of many moderate and lower-income households has been challenged by the compounding effect of persistent inflation, even while unemployment rates remain low. Given the higher proportion of moderate and lower-income households within our partners’ customer bases relative to many of our peers, a continuation of this trend could impact us more negatively than others in our industry. Moreover, the current Presidential Administration’s policies on trade, immigration and taxes could create inflationary pressures, which in turn could disproportionately impact our customer base.

For context, during the Great Recession, our Delinquency and Net principal loss rates peaked in 2009 at 6.2% and 10.0%, respectively. As of December 31, 2025, our Delinquency rate was 5.8% and our 2025 full-year Net principal loss rate was 7.7%. While these 2025 rates were lower than those experienced in 2009, the current and near-term anticipated Delinquency and Net principal loss rates remain elevated, relative to our historical experience, and a prolonged continuation or worsening of these rates could have a material adverse impact on us.

In addition, political events and uncertainties (including those arising from significant shifts in policy that impact consumers, such as tariffs and other trade-related measures, taxes and immigration, among others, and the potential or threat of retaliatory international and domestic policies), international tensions or hostilities, armed conflict, war (such as the ongoing war between Ukraine and Russia and instability in the Middle East), civil unrest, outbreaks of illnesses, pandemics, endemic diseases, or other local or global health issues, climate-related events, impacts to the power grid, and natural disasters have, to varying degrees, negatively impacted our operations, brand partners, service providers and consumer spending, and such events and conditions may negatively impact the economy and us going forward. Moreover, political disputes over the debt ceiling, budget deficits, healthcare or immigration policy or other matters may result in prolonged government shutdowns and increase the possibility of the U.S. government defaulting on its debt and/or having its credit ratings further downgraded, any of which could weaken the U.S. dollar, cause market volatility, negatively impact the economy and banking system and adversely affect our financial condition, including our liquidity and ability to access capital.

The loans we make are unsecured, and we may not be able to ultimately collect from customers that default on their loans.

The primary risk associated with unsecured consumer lending is the risk of default or bankruptcy of the borrower, resulting in the borrower’s balance being written-off as uncollectible. We rely principally on the borrower’s creditworthiness for repayment of the loan and, therefore, have no other recourse for collection. An increase in defaults or net principal losses could result in a reduction in Net income.

We may not be able to successfully identify and evaluate the creditworthiness of borrowers to minimize delinquencies and losses. As part of our efforts to manage our credit risk, we use our automated proprietary scoring technology and verification procedures to make risk-based underwriting decisions when approving new account holders, establishing or adjusting their credit limits and applying our risk-based pricing. These models may not accurately predict future charge-offs for various reasons discussed elsewhere in these Risk Factors, including in “ Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted. ” While we monitor credit quality on a regular and consistent basis, utilizing internal algorithms and external credit bureau risk scores and other data, these algorithms and data sources may be inaccurate or incomplete, including as a result of certain customers’ credit profiles not fully reflecting their credit risk due to any number of factors, including, for example, the less-regulated reporting requirements for many fintechs offering buy now, pay later products or other lending options and existing or future limitations on the reporting of medical debt. Mandated changes to credit bureau reporting, or the information that may be included in a credit bureau report, can change the accuracy of scoring models that leverage tradelines and performance in determining credit risk. As a result, the data and models upon which we rely may not fully reflect the extent of our customers’ actual financial obligations.

General economic conditions, including a recession or prolonged economic slowdown, persistent inflation, interest rates, high unemployment or volatility in energy prices, may result in greater delinquencies that lead to greater credit losses. In addition to being affected by general economic conditions and the success of our collection and recovery efforts, the

Tabl e of Contents

stability of our Delinquency and Net principal loss rates are affected by the credit risk inherent in our Credit card and other loan portfolios, as well as the vintage of the accounts in our various credit card portfolios. We also closely monitor the segment of our portfolio with student loans to observe payment rate trends. In December 2025, the Department of Education announced that, beginning in early 2026, the federal government would begin garnishing wages of student loan borrowers that are in default on federal student loans; provided that the Department of Education subsequently announced that it was indefinitely postponing any such garnishments. The impact of this policy change, to the extent it becomes effective, on our customers’ ability to repay us remains uncertain.

Further, our pricing strategy may not offset the negative impact on profitability caused by increases in delinquencies and credit losses, thus any material increases in delinquencies and credit losses beyond our current estimates could have a material adverse impact on us. Our Delinquency rates were 5.8% of Credit card and other loans as of December 31, 2025, compared with 5.9% and 6.5% as of December 31, 2024 and 2023, respectively. For 2025, our Net principal loss rate was 7.7%, compared with 8.2% and 7.5% for 2024 and 2023, respectively. As referenced above, the current and near-term anticipated Delinquency and Net principal loss rates remain high, relative to our historical experience, and a prolonged continuation or worsening of these rates could have a material adverse impact on our business and results of operations.

A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue.

We depend on a limited number of large partner relationships for a significant portion of our revenue. As of and for the year ended December 31, 2025, our five largest credit card programs (based on Total net interest and non-interest income) accounted for approximately 49% of our Total net interest and non-interest income excluding the gain on sale and 44% of our End-of-period credit card and other loans. In particular, our programs with (alphabetically) Signet Jewelers, Ulta Beauty and Victoria’s Secret & Co. and its retail affiliates, each accounted for 10% or more of our Total net interest and non-interest income for the year ended December 31, 2025. Our business is intensely competitive, and we cannot provide assurance that we will retain the business of all of our significant brand partners going forward.

Our business is heavily concentrated in U.S. consumer credit, and therefore our results are more susceptible to fluctuations in that market than a more diversified company.

Our business is heavily concentrated in U.S. consumer credit. As a result, we are more susceptible to fluctuations and risks particular to U.S. consumer credit than a more diversified company. For example, our business is particularly sensitive to macroeconomic conditions that affect the U.S. economy, consumer spending and consumer credit. We are also more susceptible to the risks of increased regulations and legal and other regulatory actions that are targeted at consumer credit or the specific consumer credit products that we offer, such as legislation and regulations relating to credit card late fees, credit card interest rates and promotional financing. Our business concentration could have an adverse effect on our results of operations.

We expect growth to result, in part, from new and acquired credit card and other loan programs whose performance could result in increased portfolio losses and negatively impact our profitability.

We expect an important source of our growth to come from new and acquired credit card and other loan programs. We cannot be assured that the loss experience on new and acquired programs will be consistent with our more established programs, or that the cost to provide service to these new and acquired programs will not be higher than anticipated. The failure to successfully underwrite these new and acquired programs may result in defaults greater than our expectations and could have a material adverse impact on us and our profitability. See “ Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted. ” Moreover, under the CECL accounting rules, the acquisition of an existing credit card portfolio typically has a negative impact on certain key financial metrics in the near-term, including Net income and Earnings per share, because we are required to include a reserve build in our Provision for credit losses for the estimated credit losses to be experienced over the life of the acquired portfolio. The amount of this reserve build is often large relative to the amount of revenue generated through such date by the related credit card portfolio. See also “ –The amount of our Allowance for credit losses could adversely affect our business and may prove to be insufficient to cover actual losses on our loans. ”

Tabl e of Contents

Our risk management policies and procedures may not be effective, and the models we rely on may not be accurate or may be misinterpreted.

Our risk management framework, which seeks to identify and mitigate current or future risks and appropriately balance risk and return, may not be comprehensive or fully effective. As regulations and competition continue to evolve, our risk management framework may not always keep sufficient pace with those changes. If our risk management framework does not effectively identify or mitigate our risks, we could suffer unexpected losses and could be materially adversely affected.

We rely extensively on models in managing many aspects of our business, including liquidity and capital planning (including stress testing), customer selection, underwriting and line management, credit and other risk management, pricing, reserving and collections management. The models may prove in practice to be less accurate, predictive or useful than we expect for a variety of reasons, including as a result of (i) errors in constructing, interpreting or using the models, (ii) the use of inaccurate assumptions (including models being calibrated on historical cycles and correlations which may not be predictive of the future, or failures to update assumptions appropriately or in a timely manner), or (iii) the model producing results that are not compliant with fair lending or other laws and regulations. Our assumptions may be inaccurate for many reasons including that they often involve matters that are inherently difficult to predict and beyond our control (e.g., macroeconomic conditions, including continued elevated inflation, low unemployment, increasing consumer debt levels and weakening in macroeconomic indicators, and their impact on partner and customer behaviors) and they often involve complex interactions between a number of dependent and independent variables, factors and other assumptions. In particular, in recent years, we have observed rates and correlations among several key macroeconomic variables, such as unemployment and interest rates, perform outside of observed historical norms, which could impact the reliability of certain models in the current economic environment. In addition, as we seek to update and enhance our models, these updates and enhancements may produce unexpected or unreliable results. The errors or inaccuracie s in our models may be material, and could lead us to make poor or sub-optimal decisions in managing our business, and this could have a material adverse effect on our business, results of operations and financial condition.

Fraudulent activity associated with our products and services could negatively impact our operating results, brand and reputation and cause the use of our products and services to decrease and our fraud losses to increase.

We are subject to the risk of fraudulent activity associated with our products and services, as well as retailers, partners, other merchant parties or third-party service providers handling consumer information. Our products are susceptible to application fraud bec ause, among other things, we provide immediate access to credit at the time of approval. In addition, digital sales on the internet and through mobile channels continue to be a larger part of our business, and fraudulent activity is higher as a percentage of sales in those channels than in brick-and-mortar store transactions. The different financial products we offer, including deposit products, are susceptible to different types of fraud, and, depending on our product mix and channel mix, we may continue to experience variations in, or levels of, fraud-related expenses that are different from or higher than those experienced by some of our competitors or the industry generally. The risk of fraud continues to increase for the financial services industry, and credit card and deposit fraud, identity theft and related crimes are likely to continue to be prevalent, with increasingly sophisticated perpetrators. More recently, emerging generative AI capabilities, such as synthetic voice and conversation generation, introduced new fraud risks, especially in the form of identity fraud. Our resources, technologies and fraud prevention tools may be insufficient to accurately detect and prevent fraud.

Our fraud-related operational losses were $65 million for both the years ended December 31, 2025 and 2024, and $127 million for the year ended December 31, 2023. During 2023, we believe the financial services industry generally experienced an uptick in both the volume and sophistication of fraud attacks, and we also experienced that trend in our business, with fraud-related operational losses increasing significantly. While we were successful in decreasing fraud-related losses in 2024 and 2025, t he perpetrators of fraud attacks remain persistent and we cannot provide assurance that fraud-related losses will remain at or below these lower levels going forward. In addition to direct financial impacts, high profile fraudulent activity could also negatively affect our brand and reputation, which could negatively impact the use of our services, leading to a material adverse effect on our results of operations. In addition, significant increases in fraudulent activity could lead to regulatory intervention, including, but not limited to, additional consumer notification requirements, increasing our costs and negatively impacting our operating results, net income and profitability. Regulators and consumer activists have also sought to expand financial institutions’ responsibility to hold customers harmless for fraudulent transactions on their accounts, which increases our exposure to fraud-related losses.

Tabl e of Contents

The amount of our Allowance for credit losses could adversely affect our business and may prove to be insufficient to cover actual losses on our loans.

The Financial Accounting Standards Board’s CECL accounting standard requires us to determine periodic estimates of the lifetime expected credit losses on our Credit card and other loans, and reserve for those expected credit losses through an allowance for credit losses against the loans. In addition, as referenced above, for credit card loan portfolios we acquire, we are required to establish such an allowance for credit losses. Any subsequent deterioration in the performance of a purchased portfolio results in incremental credit loss reserves. Growth in our loan portfolio generally would also lead to an increase in our Allowance for credit losses.

The process for establishing our Allowance for credit losses is critical to our results of operations and financial condition, and requires complex modeling and judgments, including forecasts of economic conditions. The ongoing impact of CECL will be significantly influenced by the composition, characteristics and quality of our Credit card and other loans, as well as the prevailing economic conditions and forecasts utilized. For additional information regarding our Allowance for credit losses, see Note 3, “Allowance for Credit Losses” to our audited Consolidated Financial Statements included as part of this Annual Report on Form 10-K.

The CECL model may create more volatility in the level of our Allowance for credit losses. If we are required (as a result of any review, update, regulatory guidance or otherwise) to materially increase our level of the Allowance for credit losses, such increase could adversely affect our business, financial condition, results of operations and opportunity to pursue new business. Moreover, we may underestimate our expected credit losses, and we cannot assure that our Allowance for credit losses will be sufficient to cover actual losses.

We may not be successful in realizing the benefits associated with our acquisitions, dispositions and strategic investments, and our business and reputation could be materially adversely affected.

Historically, we have acquired a number of businesses, as well as made strategic investments in businesses, products, technologies, platforms or other ventures, and we expect to continue to evaluate potential acquisitions, investments and other transactions in the future. There is no assurance that we will be able to successfully identify suitable candidates for any such opportunities, value any such opportunities accurately, negotiate favorable terms for any such opportunities, or successfully complete any such proposed transactions. If we are unable to identify attractive acquisition candidates or accretive new business opportunities, our growth could be limited.

Similarly, we may evaluate the potential disposition of, or elect to divest, assets or portfolios that no longer complement our long-term strategic objectives, as we did in November 2021, when we completed the spinoff of our LoyaltyOne segment. See also “ Risks Related to the LoyaltyOne Spinoff. ”

In addition, there are numerous risks associated with acquisitions, dispositions and the implementation of new business opportunities, including, but not limited to:

• the diversion of management’s attention from other business concerns;

• continued financial responsibility with respect to a divested business, including guarantees, indemnities or other financial obligations;

• the assumption of unknown liabilities of the acquired company;

• the uncertainty of achieving expected benefits of an acquisition or disposition, including revenue, human resources, technological or other cost savings, operating efficiencies or synergies;

• the inability to integrate systems, personnel or technologies from our acquisitions and strategic investments;

• unforeseen legal, regulatory or other challenges that we may not be able to manage effectively; and

• the reduction of cash available for operations, payment of dividends, stock repurchase programs or other uses and potentially dilutive issuances of equity securities or incurrence of additional debt.

Furthermore, if the operations of an acquired or new business do not meet expectations, our profitability may decline and we may seek to restructure the acquired business or to impair the value of some or all of the assets of the acquired or new business.

Tabl e of Contents

Competition in our industry is intense, and the markets for the services that we offer may contract or fail to expand, each of which could negatively impact our growth and profitability.

The markets for our products and services are highly competitive, and we expect this competition to intensify. Our growth and continued profitability depend on continued acceptance or adoption of the products and services we offer. We compete with a wide range of businesses, and some of our current competitors have longer operating histories, stronger brand names and greater financial, technical, marketing and other resources than we do. Moreover, the consumer credit and payments industry is highly competitive and we face an increasingly dynamic industry as emerging products, services and technologies, as well as new and non-traditional competitors, enter the marketplace. For a more detailed discussion regarding how we compete with respect to each of our product categories, as well as detail on emerging competitive trends, see “Item 1. Business—Competition” of this Form 10-K above. Additionally, downturns in the economy or the performance of our retail or other partners, including as a result of macroeconomic conditions, geopolitical events or global health events or other pandemic or endemic diseases, may result in a decrease in the demand for our products and services. Our ability to generate significant revenue from partners and customers will depend on our ability to differentiate ourselves through the products and services we provide and the attractiveness of our programs to consumers. If we are not able to differentiate our products and services from those of our competitors, drive value for our partners and their customers, or effectively and efficiently align our resources with our goals and objectives, we may not be able to compete effectively in the market. Any decrease in the demand for our products and services for the reasons discussed above or any other reasons could have a material adverse effect on our growth, revenue and operating results.

Our results of operations and growth depend on our ability to retain existing partners and attract new partners.

The majority of our revenue is generated from the credit products we provide to customers of our partners pursuant to program agreements that we enter into with our partners. As a result, our results of operations and growth depend on our ability to retain existing partners and attract new partners. Historically, there has been turnover in our partners, and we expect this will continue in the future. See also, “ A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue. ”

There is significant competition for our existing partners, and our failure to retain our existing larger partner relationships upon the expiration of a program agreement or our earlier loss of a relationship upon the exercise of a partner’s early termination rights, or the expiration or termination of a substantial number of smaller partner contracts or relationships, could have a material adverse effect on our results of operations (including growth rates) and financial condition to the extent we do not acquire new partners of similar size and profitability or otherwise grow our business. In addition, existing relationships may be renewed on less favorable terms to us in response to increased competition for such relationships. The competition for new partners is also significant, and our failure to attract new partners could adversely affect our ability to grow.

Our results depend, to a significant extent, on the active and effective promotion and support of our products by our brand partners.

Our partners generally accept most major credit cards and various other forms of payment; therefore our success depends, in part, on their active and effective promotion of our products to their customers. We depend on our partners to integrate the use of our credit products into their operations, including into their in-store and online shopping experiences and loyalty programs. We rely on our partners to train their sales and call center associates about our products and to have their associates encourage customers to apply for, and use, our products and otherwise effectively market our products. If our partners do not effectively promote and support our products, or if they make changes in their business models that negatively impact card usage, these actions could have a material adverse effect on our business and results of operations. Partners may also implement or fail to implement changes in their systems and technologies that may disrupt the integration between their systems and technologies and ours, any of which could disrupt the use of our products. In addition, if our partners engage in improper business practices, do not adhere to the terms of our program agreements or other contractual arrangements or standards, or otherwise diminish the value of our brand, we may suffer reputational damage and customers may be less likely to use our products, which could have a material adverse effect on our business and results of operations.

Tabl e of Contents

Our results are impacted, to a significant extent, by the financial performance of our partners.

Our ability to originate new credit card accounts, generate new loans, and earn interest and fees and other income is dependent, in part, upon sales of merchandise and services by our partners and the use of our products by customers. The retail and other industries in which our partners operate are intensely competitive. Our partners’ sales may decrease or may not increase as we anticipate for various reasons, some of which are in the partners’ control and some of which are not. For example, partner sales have been, and in the future may be, adversely affected by pandemic or endemic diseases or other macroeconomic conditions having a national, regional or more local effect on consumer spending, business conditions affecting the general retail environment, such as supply chain distributions or the ability to maintain sufficient staffing levels or a particular partner or industry, or natural disasters or other catastrophes affecting broad or more discrete geographic areas. If our partners’ sales decline for any reason, it generally results in lower credit sales, and therefore lower loan volumes and associated interest and fees and other income for us from our customers. In addition, if a partner closes some or all of its stores or becomes subject to a voluntary or involuntary bankruptcy proceeding (or if there is a perception that such an event may occur), we may be adversely impacted in a number of different ways. In such circumstances, we may lose future credit sales and existing customers may have less incentive to pay their outstanding balances to us, which could result in higher charge-off rates than anticipated and our costs for servicing its customers’ accounts may increase. This risk is particularly acute with respect to our largest partners that account for a significant amount of our Total net interest and non-interest income. See “ A significant percentage of our Total net interest and non-interest income, or revenue, is generated through our relationships with a limited number of partners, and a decrease in business from, or the loss of, any of these partners could cause a significant drop in our revenue. ” Moreover, if the financial condition of a partner deteriorates significantly or a partner becomes subject to a bankruptcy proceeding, we may not be able to recover customer returns, customer payments made in partner stores or other amounts due to us from the partner. The impact of the bankruptcy of any particular brand partner on our business is difficult to predict; most recently, for example, our brand partner Saks Fifth Avenue filed for Chapter 11 bankruptcy protection in January 2026. A decrease in sales by our partners for any reason, or a bankruptcy proceeding involving any of them could have a material adverse impact on our business and results of operations.

We may not be successful in our efforts to promote usage of our DTC credit cards, or to effectively control the costs associated with such promotion, both of which may materially impact our profitability.

We have been investing in promoting the use of our DTC credit cards, including our Bread Cashback American Express Credit Card and our Bread Rewards American Express Credit Card, but there can be no assurance that our investments to acquire cardholders, provide differentiated features and services and increase the use of our DTC credit cards will be effective, particularly with increasing competition from other card issuers and fintechs, as well as changing consumer and business behaviors. In addition, if we develop new products or offers that attract customers looking for short-term incentives rather than incentivizing long-term loyalty, cardholder attrition and costs could increase. Moreover, we may not be able to cost-effectively manage and expand cardholder benefits, including controlling the growth of marketing, promotion, rewards and cardholder services expenses in the future.

Reductions in interchange fees, or changes in the laws and regulations governing such fees, could have various adverse impacts on our business and results of operations.

Interchange is a fee merchants pay to the payment networks in exchange for using the network’s infrastructure and payment facilitation, some of which is paid to credit card issuers. We earn interchange fees on co-brand and general purpose credit card transactions, but we typically do not charge or earn interchange fees from our partners or customers on our private label credit card products.

Certain merchants, in an effort to decrease their operating expenses, have with some success sought to lower interchange fees, including through litigation against the payment networks, promoting alternative payment platforms with lower processing costs and lobbying for legislative or regulatory changes. Several recent events and actions indicate a continuing focus on interchange by legislators, regulators and merchants. In 2023, for example, legislation was reintroduced in the U.S. House of Representatives and Senate, which, among other things, would require large issuing banks (over $100 billion) to offer a choice of at least two unaffiliated networks over which electronic transactions may be processed. At the state level, the Illinois legislature passed a bill that would prohibit the charging of interchange fees on sales tax and gratuities and restrict use of electronic payment transaction data except to facilitate or process the transaction or as required by law. This Illinois legislation is being challenged in federal court, and on February 10, 2026, the court issued a ruling denying a permanent injunction sought by the plaintiffs that would have enjoined the interchange fee provisions of the legislation, although the court did grant a permanent injunction with respect to the data use restrictions in the legislation.

Tabl e of Contents

The court’s ruling against the plaintiffs will be appealed. Unless the plaintiffs obtain a stay or injunction during the appeal process or the legislature otherwise intervenes, the prohibition on charging interchange fees on sales tax and gratuities in Illinois will become effective July 1, 2026. Similar legislation has been introduced in other states and, absent a successful legal challenge, these bills would have a number of adverse impacts on us, including negatively impacting our interchange revenue and creating operational challenges. In addition, in November 2025, a proposed settlement was announced in the long-standing Visa/Mastercard litigation, which began in 2005 when a class of merchant plaintiffs alleged that Visa and Mastercard, along with their member banks, engaged in anti-competitive practices by collectively setting excessive interchange fees and imposing other restrictive rules on merchants. The proposed settlement would, among other items, reduce interchange fees and give merchants greater choice in accepting credit cards in various categories, which could have various adverse impacts on our business, including reduced interchange revenue and decreased acceptance of certain of our cards by retailers. The proposed settlement remains subject to court approval, and we can provide no assurance with respect to the timing or outcome of the court approval process or the effects on us of the settlement if approved.

Furthermore, to the extent interchange fees are reduced, one of our current competitive advantages with our partners—that we typically do not charge interchange fees when our private label credit card products are used to purchase our partners’ goods and services—may be reduced. In addition, for our co-brand and general purpose credit cards, we are subject to the operating regulations and procedures set forth by the payment networks. Our failure to comply with these operating regulations, which may change from time to time, could subject us to various penalties or fees, or the termination of our license to use the applicable payment network, all of which could have a material adverse effect on our business and results of operations.

We may not be able to retain and/or attract and hire a highly qualified workforce or maintain our corporate culture, and having a large segment of our workforce periodically working from home may exacerbate these risks and cause new risks.

Our performance largely depends on the talents and efforts of our employees, particularly our key personnel and senior management. We may be unable to retain or to attract highly qualified employees. The market for key personnel is highly competitive, particularly in technology and other skill areas significant to our business. Failure to attract, hire, develop, motivate and retain highly qualified employee talent, or to maintain a corporate culture that fosters innovation, creativity and teamwork could harm our overall business and results of operations. We rely on key personnel to lead with integrity and decency. To the extent our leaders behave in a manner that is not consistent with our values and leadership behaviors, we could experience significant impacts to our brand and reputation, as well as to our corporate culture.

Moreover, in connection with the COVID-19 pandemic, we transitioned nearly all of our workforce to work remotely, and nearly all of our workforce continues to work on a hybrid office/remote schedule. Remote work by a majority of our employee population may impact our culture and employee engagement with our company, which could affect productivity and our ability to retain employees who are critical to our operations and may increase our costs and impact our results of operations. Moreover, work from home policies by other companies may create more job opportunities for employees and make it more difficult for us to attract and retain key talent, especially in light of changing worker expectations and talent marketplace variability regarding flexible work models. In addition, employees who work from home rely on residential communication networks and internet providers that may not be as resilient as commercial networks and providers, and therefore may be more susceptible to service interruptions and cyberattacks than commercial systems. Our business continuity and disaster recovery plans, which have been historically developed and tested with a focus on centralized delivery locations, may not work as effectively in a distributed work from home model, where weather impacts, network and power grid downtime may be difficult to manage. If we are unable to manage the work from home environment effectively to address these and other risks, our reputation and results of operations may be impacted.

Our operations and financial performance could be adversely affected by severe weather and natural disasters, as well as by climate change and ESG-related regulations and actions.

Severe weather events and natural disasters could have a material adverse effect on our financial position and results of operations, and the timing and effects of any such events cannot accurately be predicted. The frequency and severity of some types of weather events and natural disasters, including wildfires, tornadoes, severe storms and hurricanes, have increased in recent years, which further reduces our ability to predict their effects accurately. These such events could affect us directly (for example, by interrupting our systems, impacting the power grid, damaging our facilities or otherwise preventing us from conducting our business in the ordinary course) or indirectly (for example, by damaging or destroying brand partner businesses or customers’ homes, impacting our service providers or otherwise impairing customers’ ability to repay their loans). Many of our customers were affected by the particularly intense 2024 hurricane season in the U.S. As a

Tabl e of Contents

result of these hurricanes, we froze delinquency progression for cardholders in Federal Emergency Management Agency (FEMA) identified impact zones for one billing cycle, which resulted in modestly lower Net principal losses and Net principal loss rate in the fourth quarter of 2024, and consequently negatively impacted Net principal losses and the Net principal loss rate in the second quarter of 2025.

In addition, many governments, investors and other stakeholders have sought to accelerate actions to address climate change and other environmental, social and governance topics. This has led to new regulations and expectations, which may be conveyed to us in the form of stockholder proposals, public campaigns, proxy solicitations or otherwise, that may cause significant shifts in disclosure, commerce and consumption behaviors. Any of these developments may impact our operating costs and our business. For example, in March 2024, the SEC issued final rules relating to the disclosure of a range of climate-related risks and other information. Multiple lawsuits were filed against the SEC, and the SEC issued a voluntary stay of the rules, pending review by the U.S. Court of Appeals for the Eighth Circuit, where the litigation had been consolidated and is currently being held in abeyance until the SEC reconsiders the final rule or renews its defense. While it currently appears unlikely these rules will become effective as issued, to the extent such rules do become effective, we and/or our partners could incur increased costs related to the assessment and disclosure of climate-related information. Our failure to comply with these requirements, if adopted, or any future regulatory requirements or disclosure standards, may expose us to government enforcement actions or private litigation and otherwise damage our reputation, any of which could adversely impact our business.

Conversely, other stakeholders hold differing views on sustainability-related goals and initiatives. Certain state governments and activist groups, as well as the current Presidential Administration through a series of executive orders and other actions, have pursued measures that appear designed to discourage companies from engaging in ESG practices or adhering to certain ESG principles. The complex regulatory and legal frameworks applicable to such actions or measures continue to evolve. We cannot be certain of the impact of such regulatory, legal and other developments on our business.

These dynamic, and sometimes conflicting, circumstances may result in pressure from investors, unfavorable reputational impacts, including inaccurate perceptions or misrepresentation of our actual business practices, diversion of management’s attention and resources, potential proxy fights, and litigation or investigations initiated by government authorities or private actors alleging that our activities are anti-competitive, discriminatory or otherwise unlawful, among other adverse impacts. Any failure, or perceived failure, by us to adhere to our public statements, comply fully with developing interpretations of sustainability-related laws and regulations, or meet evolving and varied stakeholder expectations and standards could negatively impact our business, reputation, operating results and financial condition.

Our Board-approved sustainability strategy, which focuses on opportunities to create value for all our stakeholders, while advancing our long-term financial and reputational goals, is intended to drive additional progress on initiatives that promote sustainability, responsible business practices and increased transparency in our disclosures. We continue to advance the integration of sustainability into our overall governance and risk management practices. Statements in this and other filings we make with the SEC and other public statements, including in our annual sustainability reporting, related to these initiatives reflect our current plans and expectations and are not a guarantee that these initiatives will be achieved or achieved on the currently anticipated timeline. Our ability to execute on our sustainability strategy or achieve sustainability initiatives is subject to numerous factors and conditions, many of which are outside of our control.

Damage to our reputation could damage our business.

Maintaining a positive reputation is critical to attracting and retaining partners, customers, investors and employees. Damage to our reputation can therefore cause significant harm to our business and prospects. Harm to our reputation can arise from numerous sources, including, among others:

• employee misconduct;

• a breach of our or our service providers’ cybersecurity defenses;

• service outages;

• litigation or regulatory outcomes;

• stockholder activism;

• failing to deliver minimum standards of service and quality;

• compliance failures;

• the use of our, or our partners’ products to facilitate legal, but controversial, products and services; and

• the activities of customers, business partners and counterparties.

Tabl e of Contents

Social media also can cause harm to our reputation. By its very nature, social media can reach a wide audience in a very short amount of time, which presents unique challenges for corporate communications. Negative or otherwise undesirable publicity generated through unexpected social media coverage can damage our reputation and brand. Negative publicity regarding us, whether or not true, may result in customer attrition and other harm to our business prospects. There has also been increased focus on topics related to environmental, social and governance policies, and criticism of our policies in these areas could also harm our reputation and/or potentially limit our access to some forms of capital or liquidity.

Liquidity, Market and Credit Risks

Adverse financial market conditions or our inability to effectively manage our funding and liquidity risk could have a material adverse effect on our business, liquidity and ability to meet our debt service requirements and other obligations.

We need to effectively manage our funding and liquidity in order to meet our cash requirements such as day-to-day operating expenses, extensions of credit to our customers, investments to grow our business, payments of principal and interest on our borrowings and payments on our other obligations. Our primary sources of liquidity include cash generated from operating activities, our credit facility, issuances of senior unsecured, subordinated or convertible debt securities and preferred stock, financings through our securitization programs, and deposits with the Banks. If we do not have sufficient liquidity, we may not be able to meet our debt service requirements and other obligations, particularly during a liquidity stress event. If we maintain or are required to maintain too much liquidity, it could be costly and reduce our financial flexibility.

We will need additional financing in the future to repay or refinance our existing debt at maturity, or otherwise, and to fund our growth. As of the date of this Annual Report on Form 10-K, we had outstanding $500 million of 6.750% senior notes due in 2035 and $400 million of 8.375% subordinated notes due in 2035. The availability of additional financing will depend on a variety of factors such as financial market conditions generally, including the availability of credit to the financial services industry and our lender counterparties’ willingness to lend to us, consumers’ willingness to place money on deposit with us, our performance and credit ratings and the performance of our securitized portfolios. As an example of circumstances impacting our lenders’ willingness to lend, U.S. federal banking regulators proposed new rules in July 2023, commonly referred to as the Basel III “Endgame” or B3E, which would significantly revise the capital requirements applicable for large banking organizations with total assets of $100 billion or more. Following initial consultation, federal banking regulators are in the process of reproposing rules implementing B3E, targeting a new proposal in 2026 and phase-in several years later. The future of B3E implementation remains uncertain. While the proposed B3E rules would not directly apply to us because we are under the $100 billion asset threshold, most of our institutional lenders would be subject to the enhanced capital requirements under B3E, which could limit their lending capacity available to lend to us and other borrowers. Disruptions, uncertainty or volatility in the capital, credit or deposit markets, such as the uncertainty and volatility experienced in the capital and credit markets during recessions and periods of financial stress, may limit our ability to obtain additional financing or refinance maturing liabilities on desired terms (including funding costs) in a timely manner, or at all. As a result, we may be forced to delay obtaining funding or be forced to issue or raise funding on undesirable terms, which could significantly reduce our financial flexibility and cause us to contract or not grow our business, all of which could have a material adverse effect on our results of operations and financial condition.

The debt markets may be volatile for a number of reasons, including due to the interest rate environment, macroeconomic conditions and political events and uncertainties, and there can be no assurance that significant disruptions, uncertainties and volatility will not occur in the future. Specifically, availability of capital from the non-investment grade debt markets may be subject to significant volatility, and there can be no assurance that we will be able to access those markets at attractive rates, or at all. It is possible that we will be required to repay or refinance some or all of our maturing debt in volatile and/or unfavorable markets. If we are unable to continue to fund our business operations, access capital markets for debt refinancings and otherwise, and attract deposits on favorable terms and in a timely manner, or if we experience an increase in our borrowing costs or otherwise fail to manage our liquidity effectively, our results of operations and financial condition may be materially adversely affected.

If we are unable to securitize our credit card loans due to changes in the market or other circumstances or events, we may not be able to fund new credit card loans, which would have a material adverse effect on our operations and profitability.

A significant source of funding is our securitization of credit card loans, which involves the transfer of credit card loans to a trust, and the issuance by the trust of notes to third-party investors collateralized by the beneficial interest in the

Tabl e of Contents

transferred credit card loans. A number of factors affect our ability to fund our credit card loans in the securitization market, some of which are beyond our control, including:

• conditions in the securities markets in general and the asset-backed securitization market in particular;

• availability of loans for securitization;

• conformity in the quality of our credit card loans to rating agency requirements and changes in that quality or those requirements;

• costs of securitizing our credit card loans;

• ability to fund required over-collateralization or credit enhancements, which are routinely used to achieve better credit ratings to lower borrowing cost; and

• the legal, regulatory, accounting or tax rules affecting securitization transactions and asset-backed securities, generally.

Moreover, as a result of Basel III, which refers generally to a set of regulatory reforms adopted in the U.S. and internationally that are meant to address issues that arose in the banking sector during the 2008-2010 financial crisis, banks have become subject to more stringent capital, liquidity and leverage requirements. In response to Basel III, certain lenders of private placement commitments within our securitization trusts have sought and obtained amendments to their respective transaction documents permitting them to delay disbursement of funding increases by up to 35 days. Although funding may be requested from other lenders who have not delayed their funding, access to financing could be disrupted if all of the lenders implement such delays or if the lending capacities of those who did not do so were insufficient to make up the shortfall. Furthermore, if adopted in its current form, the B3E rules would generally require large U.S. banking organizations to maintain higher levels of capital than under the current Basel III requirements. These higher capital requirements could cause our institutional lenders to reduce their lending activities and increase our securitization trusts’ borrowing costs. For example, excess spread may be affected if a securitization trust’s borrowing costs increase as a result of the proposed B3E changes to existing capital requirements. Such cost increases may result, for example, because the investors are entitled to indemnification for increased costs resulting from such regulatory changes, such as increased capital requirements. The future of B3E implementation remains uncertain.

The inability to securitize credit card loans due to changes in the market, regulatory proposals, the unavailability of credit enhancements, or any other circumstance or event would have a material adverse effect on our operations, cost of funds and overall financial condition.

The occurrence of events that result in the early amortization of our existing credit card securitization transactions or an inability to delay the accumulation of principal collections for our existing credit card securitization transactions would materially adversely affect our liquidity.

Our liquidity and cost of funds would be materially adversely affected by the occurrence of events that could result in the early amortization of our existing credit card securitization transactions. Early amortization events may occur as a result of certain adverse events specified for each asset-backed securitization transaction, including, among others, deteriorating asset performance or material servicing defaults. In addition, certain series of funding securities issued by our securitization trusts are subject to early amortization based on triggers relating to the bankruptcy of one or more retailers or other partners. Deteriorating economic conditions and increased competition in the retail industry, among other factors, may lead to an increase in bankruptcies among retailers who have entered into credit card programs with us. The bankruptcy of one or more retailers or other partners could lead to a decline in the amount of new loans and could lead to increased delinquencies and defaults on the associated loans. Any of these effects of a partner bankruptcy could result in the commencement of an early amortization for one or more series of such funding securities, particularly if such an event were to occur with respect to a retailer or other partner relating to a large percentage of such securitization trust’s assets. The occurrence of an early amortization event may significantly limit our ability to securitize additional loans and materially adversely affect our liquidity.

Lower payment rates on our securitized credit card loans could materially adversely affect our liquidity and financial condition .

Certain collections from our securitized credit card loans come back to us through our subsidiaries, and we use these collections to fund the purchase of newly originated loans to collateralize our securitized financings. If payment rates on our securitized credit card loans are lower than they have historically been, fewer collections will be remitted to us on an ongoing basis. Further, certain series of our asset-backed securities include a requirement that we accumulate principal collections in a restricted account for a specified number of months prior to the applicable security’s maturity date. We are

Tabl e of Contents

required under the program documents to lengthen this accumulation period to the extent we expect the payment rates to be low enough that the current length of the accumulation period is inadequate to fully fund the restricted account by the applicable security’s maturity date. Lower payment rates, and in particular payment rates that are low enough that we are required to lengthen our accumulation periods, could materially adversely affect our liquidity and financial condition.

Inability to grow or maintain our deposit levels in the future could have a material adverse effect on our liquidity, ability to grow our business and profitability.

A significant source of our funding is through customer deposits, primarily in the form of certificates of deposit and other savings products. We obtain deposits directly from retail customers or through brokerage firms that offer our deposit products to their customers. In recent years, deposits have become an increasingly important source of funds for us, with, for example, our DTC deposits growing 11% from $7.7 billion as of December 31, 2024 to $8.5 billion as of December 31, 2025, and average DTC deposits representing 48% of our total funding sources, which is comprised of retail and wholesale deposits, and secured and unsecured borrowings. Our funding strategy includes continued growth of our liquidity through deposits. The deposit business continues to experience intense competition in attracting and retaining deposits. We compete on the basis of the rates we pay on deposits, the quality of our customer service and the competitiveness of our digital banking capabilities. Our ability to attract and maintain retail deposits remains highly dependent on the products we offer, the strength of our Banks, the reputability of our business practices and our financial health. Adverse perceptions regarding our lending practices, regulatory compliance, protection of customer information or sales and marketing practices, or actions taken by regulators or others with respect to our Banks, could impede our competitive position in the deposits market. Furthermore, the failures of other financial institutions (such as those of Silicon Valley Bank and Signature Bank in early 2023) or broader concerns about the financial services industry may cause deposit outflows as customers spread deposits among several different banks so as to maximize their amount of FDIC insurance, move deposits to banks deemed “too big to fail” or remove deposits from the banking system entirely.

The demand for the deposit products we offer may also be reduced due to a variety of factors, including macroeconomic events, changes in interest rates, changes in consumers’ preferences, demographics or discretionary income, regulatory actions that decrease consumer access to particular products or the development or availability of competing products. Competition from other financial services firms and others that use deposit funding products may affect deposit renewal rates, costs or availability. Conversely, any adjustments we make to the rates offered on our deposit products to remain competitive may adversely affect our liquidity or our profitability.

The FDIA prohibits an insured bank from offering interest rates on any deposits that significantly exceed rates in its prevailing market, unless it is “well capitalized.” A bank that is less than “well capitalized” may not pay an interest rate on any deposit in excess of 75 basis points over certain prevailing market rates. There are no such restrictions under the FDIA on a bank that is “well capitalized” and as of December 31, 2025, each of our Banks met or exceeded all applicable requirements to be deemed “well capitalized” for purposes of the FDIA. However, there can be no assurance that our Banks will continue to meet those requirements. Any limitation on the interest rates our Banks can pay on deposits may competitively disadvantage us in attracting and retaining deposits, resulting in a material adverse effect on our business.

The FDIA also prohibits an insured bank from accepting brokered deposits, unless it is “well capitalized” or it is “adequately capitalized” and receives a waiver from the FDIC. Limitations on our Banks’ ability to accept brokered deposits for any reason (including regulatory limitations on the volume of brokered deposits in total or as a percentage of total assets) in the future could materially adversely impact our liquidity, funding costs and profitability. In December 2020, the FDIC updated its regulations that implement Section 29 of the FDIA to establish a new framework for analyzing whether certain deposit arrangements qualify as brokered deposits. This brokered deposit rule establishes bright-line standards for determining whether an entity meets the statutory definition of “deposit broker” and a consistent process for application of the primary purpose exception. All deposits on the Consolidated Balance Sheets of our Banks categorized as non-brokered in accordance with the current regulations mentioned above comply with all application requirements of those regulations. In the third quarter of 2024, the FDIC published in the Federal Register a proposed rule that, if finalized as proposed, would have expanded the scope of deposits that constitute “brokered deposits” and therefore could potentially have caused certain of our present or prospective deposits to be treated as brokered. The FDIC withdrew this proposed rule in March 2025.

As of December 31, 2025, we had $13.9 billion in deposits, with approximately $7.7 billion in non-maturity savings deposits and approximately $6.2 billion in certificates of deposit. If, for whatever reason, we are unable to grow or maintain our deposit levels, our liquidity, ability to grow our business and profitability could be materially adversely affected.

Tabl e of Contents

Our level of indebtedness could materially adversely affect our ability to generate sufficient cash to repay our outstanding debt, and our ability to react to changes in our business and our incurrence of additional indebtedness to fund future needs could exacerbate these risks.

Our level of indebtedness requires a high level of interest and principal payments. Subject to the limits contained in our credit agreement, the indenture governing our senior notes and our other debt instruments, we may be able to incur substantial additional indebtedness from time to time to finance working capital, capital expenditures, investments or acquisitions, or for other purposes. If we do so, the risks related to our level of indebtedness could intensify. Our level of indebtedness increases the possibility that we may be unable to generate cash sufficient to pay, when due, the principal of, interest on or other amounts due in respect of our indebtedness. Our level of indebtedness, combined with our other financial obligations and contractual commitments, could:

• make it more difficult for us to satisfy our obligations with respect to our indebtedness, and any failure to comply with the obligations under any of our debt instruments, including restrictive covenants, could result in an event of default under our credit agreement, the indenture governing our senior notes and the agreements governing our other indebtedness;

• require us to dedicate a substantial portion of our cash flow from operations to payments on our indebtedness, thereby reducing funds available for working capital, capital expenditures, acquisitions or other new business and other corporate purposes;

• increase our vulnerability to adverse economic and industry conditions, which could place us at a competitive disadvantage or require us to dispose of assets to raise funds if needed for working capital or to pay, when due, the principal of, interest on or other amounts due in respect of our indebtedness;

• limit our flexibility in planning for, or reacting to, changes in our business and the industries in which we and our brand partners operate;

• limit our ability to borrow additional funds, or to dispose of assets to raise funds, if needed, for working capital, capital expenditures, acquisitions or other new business and other corporate purposes;

• delay or abandon investments and capital expenditures;

• cause any refinancing of our indebtedness to be at higher interest rates and require us to comply with more onerous covenants, which could further restrict our business operations; and

• prevent us from raising the funds necessary to repurchase all senior notes tendered to us upon the occurrence of certain changes of control.

Restrictions imposed by the indenture governing our senior notes, our credit agreement and our other outstanding or future indebtedness may limit our ability to operate our business and to finance our future operations or capital needs or to engage in other business activities.

The terms of the indenture governing our senior notes, our credit agreement and agreements governing our other debt instruments limit us and our subsidiaries from engaging in specified types of transactions. These covenants limit our and our subsidiaries’ ability, among other things, to:

• incur additional debt;

• declare or pay dividends, redeem stock or make other distributions to stockholders;

• make investments;

• create liens or use assets as security in other transactions;

• merge or consolidate, or sell, transfer, lease or dispose of substantially all of our assets;

• enter into transactions with affiliates;

• sell or transfer certain assets; and

• enter into any consensual encumbrance or restriction on the ability of certain of our subsidiaries to pay dividends or make loans or sell assets to us.

As a result of these covenants and restrictions, we may be limited in how we conduct our business, and we may be unable to raise additional indebtedness to compete effectively or to take advantage of new business opportunities. The terms of any future indebtedness we may incur could include more restrictive covenants. We cannot assure that we will be able to maintain compliance with these covenants in the future. If we fail to comply with such covenants, we may not be able to obtain waivers of non-compliance from the lenders and/or amend the covenants so that we are in compliance therewith.

Tabl e of Contents

Any reduction in our credit ratings could increase the cost of our funding from, and restrict our access to, the capital markets and have a material adverse effect on our results of operations and financial condition.

Ratings of our debt are based on a number of factors, including financial strength, as well as factors not within our control, including conditions affecting the financial services industry, and the macroeconomic environment. Our ratings or outlook could be downgraded at any time and without any notice by any of the rating agencies, which could, among other things, adversely limit our access to the capital markets and adversely affect the cost and other terms upon which we are able to obtain funding. Our ability to raise funding through the securitization market also depends, in part, on the credit ratings of the securities we issue from our securitization trusts. If we are not able to satisfy rating agency requirements to confirm the ratings of our asset-backed securities, it could limit our ability to access the securitization markets. In addition, ratings issued by a ratings agency may differ as among different securities, and ratings issued for the same security may differ as among the different issuing ratings agencies.

Changes in market interest rates could negatively affect our profitability.

Changes in market interest rates cause our finance charges and our interest expense to increase or decrease, as certain of our assets and liabilities carry interest rates that fluctuate with market rates. We fund Credit card and other loans with a combination of fixed rate and floating rate funding sources that include deposits and securitized financings. We also have unsecured debt that is subject to variable interest rates, and we may in the future incur additional debt and/or issue preferred equity that may rely on variable interest rates.

The interest rate benchmark for most of our floating rate assets is the Prime rate, and the interest rate benchmark for our floating rate liabilities is generally either the Secured Overnight Financing Rate (SOFR) or the Federal funds rate. The Prime rate and SOFR or the Federal funds rate could reset at different times or could diverge, leading to mismatches in the interest rates on our floating rate assets and floating rate liabilities. Interest rates are highly sensitive to many factors that are beyond our control, including general economic conditions, the competitive environment within our markets, consumer preferences for specific loan and deposit products, and policies of various governmental and regulatory agencies, in particular the Federal Reserve. Changes in monetary policy, including changes in interest rates being applied by the Federal Reserve, could influence the amount of interest we receive on our Credit card and other loans and the amount of interest we pay on deposits and borrowings. As a result, the amount of interest we pay on our credit facilities may be difficult to predict.

If the interest we pay on deposits and other borrowings increases at a faster rate than the interest we receive on our Credit card and other loans, our profitability would be adversely affected. Conversely, our profitability could also be adversely affected if the interest we receive on our Credit card and other loans falls more quickly than the interest we pay on deposits and other borrowings.

Future sales of our common stock, or the perception that future sales could occur, may adversely affect our common stock price.

As of February 6, 2026, we had an aggregate of 149,509,403 shares of our common stock authorized but unissued and not reserved for specific purposes. In general, we may issue all of these shares without any action or approval by our stockholders. We have reserved 8,320,451 shares of our common stock for issuance under our employee stock purchase plan and our long-term incentive plans, of which 1,052,261 shares have been issued and 2,696,814 shares are issuable upon vesting of restricted stock awards and restricted stock units. We have reserved for issuance 1,500,000 shares of our common stock, 107,291 of which remain issuable, under our 401(k) Plan as of December 31, 2025. In addition, we may issue shares of our common stock in connection with acquisitions. Sales or issuances of a substantial number of shares of common stock, or the perception that such transactions could occur, could adversely affect prevailing market prices of our common stock, and any sale or issuance of our common stock will dilute the ownership interests of existing stockholders.

The market price and trading volume of our common stock may be volatile and our stock price could decline.

The trading price of shares of our common stock has from time to time fluctuated widely and, in the future, may be subject to similar fluctuations. The trading price of our common stock may be affected by a number of factors, including our operating results, changes in our earnings estimates, additions or departures of key personnel, our financial condition, legislative, executive and regulatory changes, monetary and fiscal policy, general conditions in the industries in which we and our brand partners operate, general economic conditions, and general conditions in the securities markets. Other risks described in this Annual Report on Form 10-K could also materially adversely affect our share price.

Tabl e of Contents

There is no guarantee that we will pay future dividends or repurchase shares of our stock at a level anticipated by stockholders, which could reduce returns to our stockholders. Decisions to declare future dividends on or repurchase our stock will be at the discretion of our Board of Directors based upon a review of relevant considerations and restrictions imposed by the terms of our outstanding preferred stock.

Since October 2016, our Board of Directors has declared quarterly cash dividend payments on our outstanding common stock. We issued our inaugural series of publicly-traded preferred stock in November 2025, and we expect to pay our first quarterly dividend payment on our preferred stock in March 2026. Future declarations of quarterly dividends and the establishment of future record and payment dates on our common and preferred stock are subject to approval by our Board of Directors. The Board’s determination to declare dividends on, or repurchase shares of, our stock will depend upon our profitability and financial condition, contractual restrictions, restrictions imposed by applicable laws and regulations, including those governing our Banks’ ability to pay dividends and make distributions or other payments to us, and other factors that the Board of Directors deems relevant. Based on an evaluation of these factors, the Board of Directors may determine in the future not to declare dividends at all, to declare dividends at a reduced amount, not to repurchase shares or to repurchase shares at reduced levels compared to historical levels, any or all of which could reduce returns to our stockholders. Further, under the terms of our outstanding preferred stock, our ability to declare, pay or set aside any payment for dividend or distribution on our common stock, or repurchase, redeem or otherwise acquire for consideration, directly or indirectly, any shares of our common stock, is subject to restrictions in the event that we do not declare and either pay or set aside a sum sufficient for payment of dividends on our preferred stock for the immediately preceding dividend period.

In preparing our financial statements we make certain assumptions, judgments and estimates that affect amounts reported in our audited Consolidated Financial Statements, which, if not accurate, may significantly impact our financial results.

We make assumptions, judgments and estimates in determining the Allowance for credit losses, accruals for employee-related liabilities, accruals for uncertain tax positions, valuation allowances on deferred tax assets and legal contingencies. We also make assumptions, judgments and estimates for items such as the fair value of financial instruments, any impairment of goodwill, long-lived assets and other prepaid or intangible assets, the fair value of stock awards, as well as the recognition of revenue. These assumptions, judgments and estimates are drawn from historical experience and various other factors that we believe are reasonable under the circumstances as of the date of the audited Consolidated Financial Statements. Actual results could differ materially from our estimates as a result of adverse impacts from various factors, including regulatory or legislative changes, unexpected developments in legal contingencies, or if future macroeconomic conditions or future operating results differ significantly from our current assumptions, and such differences could significantly impact our financial results.

Legal, Regulatory and Compliance Risks

Our business is subject to extensive and evolving government regulation and supervision, which could materially adversely affect our results of operations and financial condition.

We, primarily through our Banks and certain non-bank subsidiaries, are subject to extensive federal and state regulation, supervision and examination by regulators, including the FDIC, the Delaware Office of the State Bank Commissioner, the Utah Department of Financial Institutions, and the CFPB. Banking and consumer financial protection laws and regulations are intended to protect consumers, depositors’ funds, the DIF, and the safety and soundness of the banking system as a whole, not stockholders and non-deposit creditors. These laws and regulations affect our lending practices, capital structure, investment practices, dividend policy and growth, among other things. Federal and state legislative bodies and regulatory agencies continually review banking laws, regulations and policies for possible changes. Compliance with laws and regulations can be difficult and costly, and changes to laws and regulations, as well as increased intensity in supervision, often impose additional compliance costs. The scope of the laws and regulations and the intensity of the supervision to which we are subject have increased in recent years, initially in response to the 2008-2010 financial crisis, and more recently in light of other factors such as technological and market changes and the high-profile bank failures in the first half of 2023. We believe that regulatory enforcement and fines have also increased across the banking and financial services sector.

Further, while the current Presidential Administration and the congressional majorities in the U.S. Senate and House of Representatives have supported reducing the regulatory burden, the scope of legislation, executive action and regulation and the intensity of supervision will likely remain uncertain in the current regulatory and political environments at both the

Tabl e of Contents

federal and state levels, including with respect to late fees and credit card interest rates. Moreover, in certain cases, uncertainty at the federal level has prompted a rise in state lawmakers, regulators and attorneys general taking more active roles in consumer finance regulation and enforcement, potentially creating a complex regulatory patchwork in areas such as interchange fees, credit card reward programs and other matters. Such changes could subject us to additional costs, limit the types of financial services and products we may offer, and/or limit what we may charge for certain banking services, among other things.

Examples of federal and state legislation that we track include legislation intended to place caps on the interest rates that we and other financial institutions are permitted to charge. For instance, in 2023, Colorado passed a law (initially scheduled to be effective July 2024) to “opt out” of the national standard interest rate for interstate loans by state-chartered banks as provided by federal law in the Depository Institutions Deregulation and Monetary Control Act (DIDMCA). By opting out of DIDMCA, Colorado would have the ability to regulate and limit interest rates on loans “made in” Colorado, and the Colorado law would generally cap interest rates at 21% and late fees at $15 with a 10-day grace period. In June 2024, the U.S. District Court for the District of Colorado preliminarily enjoined Colorado from enforcing the interest rates in the Colorado Uniform Consumer Credit Code with respect to any loan made by the plaintiffs’ members to the extent the loan is not made by a lender in Colorado and the applicable interest rate in 12 U.S.C. 1831d(a) exceeds the rate that would otherwise be permitted. In November 2025, the U.S. Court of Appeals for the Tenth Circuit reversed the District Court’s preliminary injunction, concluding that “made in” encompasses loans in which either the lender or the borrower is located in Colorado, meaning that Colorado could impose interest-rate caps on loans made by out-of-state banks to Colorado borrowers. The plaintiffs in the litigation (who are opposing the Colorado law) are challenging this ruling.

Legislatures in other states have proposed similar laws in the past and may again in the future. We cannot provide any assurance as to the final outcome of this or other similar proposed or future legislation in other states, any of which would have an adverse effect on our business and results of operations. While still subject to potential reversal, the recent Tenth Circuit decision could also encourage other states to adopt similar legislation. In addition, President Trump and various federal legislators have also made public statements regarding potential efforts to place caps on credit card interest rates, and a bill was introduced in the U.S. Senate in February 2025 proposing to cap credit card interest rates at 10% for a period of five years. Most recently, in January 2026, President Trump made public statements on social media and elsewhere in support of placing a cap of 10% on credit card interest rates for a one-year period. The likelihood of any such cap being effectuated in any new executive action, legislation or regulation remains uncertain, but any such cap on interest rates would significantly limit our ability to extend credit to certain of our customers and would have a material adverse effect on our business, results of operations and financial condition.

In connection with their continuous supervision and examinations of us, the FDIC, CFPB and/or other regulatory agencies may require changes in our business or operations. Any such changes may be judicially enforceable and in some cases, regardless of fault, it may be less time-consuming or costly to settle these matters, which may require us to implement certain changes to our business practices, provide remediation to certain individuals or make a settlement payment to a given party or regulatory body. We may also become subject to formal or informal enforcement and other supervisory actions, including memoranda of understanding, written agreements, cease-and-desist orders, and prompt-corrective-action or safety-and-soundness directives. For example, in late November 2023, the FDIC issued a consent order to one of our subsidiaries, Comenity Servicing LLC, arising out of the June 2022 transition of our credit card processing services to strategic outsourcing partners, and in August 2024 each of our Banks entered into an agreement with the FDIC to pay civil money penalties (CMPs) of $1 million per Bank, also related to the June 2022 transition. For additional information regarding this consent order, see “Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) — Legislative, Regulatory Matters and Capital Adequacy.” Regulatory authorities have extensive discretion in their supervisory and enforcement actions. Supervisory actions could entail significant restrictions on our existing business, our ability to develop new business, our flexibility in conducting operations, and our ability to pay dividends or utilize capital. Enforcement and other supervisory actions also can result in the imposition of civil monetary penalties or injunctions, related litigation by private plaintiffs, damage to our reputation, and a loss of customer or investor confidence. We could be required, as well, to dispose of specified assets and liabilities within a prescribed time-frame. As a result, any enforcement or other supervisory action could have an adverse effect on our business, results of operations, financial condition and prospects.

In addition, changes in the regulatory and supervisory environments could adversely affect us in substantial and unpredictable ways, including by limiting the types of financial services and products we may offer, enhancing the ability of others to offer more competitive financial services and products, restricting our ability to make acquisitions or pursue other profitable opportunities, and negatively impacting our results of operations and financial condition. Changes in the

Tabl e of Contents

prevailing interpretations of federal or state laws and related regulations could also invalidate or call into question the legality of certain of our services and business practices.

Our failure to comply with the laws, executive actions, regulations, and supervisory actions to which we are subject, even if the failure is inadvertent or reflects a difference in interpretation, could subject us to fines, other penalties, and restrictions on our business activities, any of which could adversely affect our business, results of operations, financial condition, cash flows, capital base, and the price of our securities.

See “Item 1. Business — Supervision and Regulation” for more information about certain laws and regulations to which we are subject and their impacts on us.

Litigation and other actions and disputes could subject us to significant fines, penalties, judgments and/or requirements resulting in significantly increased expenses, damage to our reputation and/or a material adverse effect on our business.

Businesses in the financial services and payments industry have historically been, and continue to be, subject to significant legal actions, including class action lawsuits. Many of these actions have included claims for substantial compensatory or punitive damages; for example, in November 2025, a jury found that we should be required to pay punitive damages in an action against us under the Fair Credit Reporting Act (FCRA), with the punitive damages amount far exceeding the actual damages awarded the plaintiff; provided that the amount of any punitive damages in this case remains subject to determination by the trial court judge.. While we have historically relied on our arbitration clause (which includes a class action waiver) in agreements with customers to limit our exposure to class action litigation, there can be no assurance that we will always be successful in enforcing our arbitration clause in the future. For instance, a plaintiff might prove that she/he did not accept our account terms and conditions (e.g., in an identity theft claim under the FCRA or in a claim under the Military Lending Act, which prohibits an arbitration requirement). There may also be legislative, regulatory or other efforts to limit or eliminate the use of arbitration clauses or class action waivers, and if our arbitration provisions are found to be unenforceable or are otherwise limited or eliminated, our exposure to class action litigation could increase significantly. Further, e ven if our arbitration clause remains enforceable, we may be subject to mass arbitrations in which large groups of consumers bring arbitrations against us simultaneously. Given the inherent uncertainties involved in litigation, and the very large or indeterminate damages sought in some matters asserted against us, there is significant uncertainty as to the ultimate liability we may incur from litigation. Claims and legal actions could involve significant defense costs and reputational damage, and the time-consuming nature of legal proceedings can divert senior management attention from the business. For additional detail regarding the litigation matters filed against us in connection with our spinoff of LVI in 2021, see “ Risk Factors—Risks Related to the LoyaltyOne Spinoff” and Note 20, “Commitments and Contingencies” to our audited Consolidated Financial Statements.

In addition to litigation and regulatory matters, from time to time, through our operational and compliance controls, we identify compliance issues that require us to make operational changes and, depending on the nature of the issue, result in financial remediation to impacted cardholders. These self-identified issues and voluntary remediation payments could be significant depending on the issue and the number of cardholders impacted. They also could generate litigation or regulatory investigations that subject us to additional adverse effects on our business, results of operations and financial condition.

Our Banks are subject to extensive federal and state regulation that may restrict their ability to make cash available to us and may require us to make capital contributions to them.

Although not a bank holding company as defined under the BHC Act, Bread Financial Holdings, Inc. is our parent holding company and, as such, depends on dividends, distributions and other payments from subsidiaries, particularly our Banks, to fund dividend payments, any potential share repurchases, payment obligations, including debt obligations, and to provide funding and capital, as needed, to our other operating subsidiaries. Federal and state laws and regulations extensively regulate the operations of our Banks, including to limit the ability of the Banks to pay dividends or make other distributions to us. Many of these laws and regulations are intended to maintain the safety and soundness of our Banks, and they impose significant restraints on them to which other non-regulated entities are not subject.

Our Banks must maintain minimum amounts of regulatory capital. If the Banks do not meet these capital requirements, their respective regulators have broad discretion to institute a number of corrective actions that could have a direct material effect on our liquidity, ability to grow our business and financial condition. To pay any dividend, the Banks must each maintain adequate capital above regulatory guidelines. Accordingly, neither CB nor CCB may be able to make any of their cash or other assets available to us, including to service our indebtedness. If either of our Banks were to fail to meet any of

Tabl e of Contents

the capital requirements to which it is subject, we may be required to provide them with additional capital, which could also impair our ability to fund dividend payments, any potential share repurchases and our payment obligations, including servicing our indebtedness.

In addition, under the “Source of Strength” doctrine, we are required to serve as a source of financial strength to our Banks and may not conduct our operations in an unsafe or unsound manner. Under these requirements, in the future, we could be required to provide financial assistance to our Banks if the Banks experience financial distress. This support may be required at times when we might otherwise have determined not to provide it or when doing so is not otherwise in our interests or the interests of our stockholders or creditors.

If legislative attempts to amend the BHC Act to eliminate the exclusion of credit card banks or industrial loan companies from the definition of “bank” are successful, or if we voluntarily take such action that results in the Parent Company becoming a federally-regulated BHC, we would become subject to additional regulation applicable to BHCs, which could increase our compliance and regulatory costs and have other effects that could be materially adverse to our business.

Legislation is periodically introduced that would eliminate the exception for industrial loan companies and other “non-bank banks” from the definition of “bank” in the BHC Act. If such legislation were enacted without any grandfathering of or accommodations for existing institutions, we could be required to become a BHC.

If we were required to become a BHC, or if we voluntarily take such action that results in the Parent Company becoming a federally-regulated BHC, we and our non-bank subsidiaries would be subject to supervision, regulation and examination by the FRB. We would be required to provide annual reports and such additional information as the FRB may require pursuant to the BHC Act, and applicable regulations. In addition, we would be subject to consolidated regulatory capital requirements.

Pursuant to provisions of the BHC Act and regulations promulgated by the FRB thereunder, a BHC may only engage in, or own companies that engage in, activities deemed by the FRB to be permissible for BHCs. Activities permissible for BHCs are those that are so closely related to the business of banking or managing or controlling banks as to be a proper incident thereto. If a BHC and its subsidiary insured depository institutions are well capitalized, well managed, and have satisfactory CRA ratings, it may submit an election to the FRB to become an FHC. Permissible activities for FHCs include those “so closely related to banking as to be a proper incident thereto” as well as certain additional activities deemed “financial in nature or incidental to such financial activity” or complementary to a financial activity and that do not pose a substantial risk to the safety and soundness of the depository institution or the financial system. If we were required to become a BHC, we may be required to modify or discontinue certain of our business activities, which may materially adversely affect our results of operations and financial condition.

We may not realize the expected benefits of the pending merger of our subsidiary Banks.

Realization of the potential benefits contemplated by the planned internal merger of CCB and CB, with CCB as the surviving entity, depend on a number of factors, including regulatory approval of state and federal banking agencies, as well as our ability to timely and successfully integrate the operations of the merging subsidiaries into a single bank operation. As a result, we may not be successful in realizing the expected operational and financial benefits of the pending merger of our subsidiary Banks, and we may experience other adverse consequences, including the diversion of management’s attention from other business concerns and unforeseen legal, regulatory or other challenges that we may not be able to manage effectively.

Increases in FDIC insurance premiums may have a material adverse effect on our results of operations.

We are generally unable to control the amount of premiums that are required to be paid for FDIC insurance. If there are bank or financial institution failures, or changes in the method for calculating premiums, we may be required to pay significantly higher premiums than the levels currently imposed or additional special assessments or taxes that could adversely affect our earnings. Any future increases or required prepayments in FDIC insurance premiums may materially adversely affect our results of operations.

Tabl e of Contents

Noncompliance with the Bank Secrecy Act and other anti-money laundering statutes and regulations could cause us material financial loss.

The Bank Secrecy Act and the USA PATRIOT Act contain anti-money laundering and financial transparency provisions intended to detect and prevent the use of the U.S. financial system for money laundering and terrorist financing activities. The Bank Secrecy Act, as amended by the USA PATRIOT Act, requires depository institutions and their holding companies to undertake activities including maintaining an anti-money laundering program, verifying the identity of partners and customers, monitoring for and reporting suspicious transactions, reporting on cash transactions exceeding specified thresholds, and responding to requests for information by regulatory authorities and law enforcement agencies. The Financial Crimes Enforcement Network (FinCEN), a unit of the Treasury Department that administers the Bank Secrecy Act, is authorized to impose significant civil money penalties for violations of those requirements and has recently engaged in coordinated enforcement efforts with the Federal Banking Agencies , as well as the U.S. Department of Justice, Drug Enforcement Administration, and Internal Revenue Service (IRS). We are also subject to scrutiny of compliance with the rules enforced by the OFAC, which may require sanctions for dealing with certain persons or countries. We cannot provide assurance that our programs and controls will be effective to ensure our compliance with all applicable anti-money laundering and anti-terrorism financing laws and regulations, and our failure to comply could subject us to significant sanctions, fines, penalties and reputational harm, all of which could have a material adverse effect on our business, results of operations and financial condition.

Regulation in the areas of privacy, data protection, data governance, and cyber security could increase our costs and affect or limit our business opportunities and how we collect and/or use Personal Information, and any actual or perceived failure to comply with any of these new or existing laws could adversely affect our business, results of operations, or financial condition.

In connection with running our business, we receive, store, use and otherwise process information that relates to individuals and/or constitutes “personal data,” “personal information,” “personally identifiable information,” “nonpublic personal information” or similar terms under applicable data privacy laws (collectively, Personal Information), including from and about actual and prospective customers, as well as our employees and business contacts. We are therefore subject to a variety of federal and state laws, regulations and other requirements relating to the privacy, security and handling of Personal Information. For example, the CCPA and related laws in other jurisdictions require us, among other requirements, to adhere to certain disclosure restrictions and deletion obligations with respect to the Personal Information of their residents, and allow for penalties for violations and, in some cases, a private right of action. The GLBA includes both a “Privacy Rule,” which imposes obligations on financial institutions relating to the use or disclosure of nonpublic personal information, and a “Safeguards Rule,” which imposes obligations on financial institutions to implement and maintain physical, administrative and technological measures to protect the security of non-public personal financial information. Failure to comply with the GLBA could result in enforcement actions. These laws also impose transparency and other obligations with respect to Personal Information and provide individuals with rights with respect to their Personal Information.

Legislators and regulators in the United States are increasingly adopting or revising privacy, data protection, data governance, account access, and information and cyber security laws. As such laws are interpreted and applied (in some cases, with significant differences or conflicting requirements across jurisdictions), compliance and technology costs will continue to increase, particularly in the context of ensuring that adequate data governance, data protection, data transfer and account access mechanisms are in place.

Compliance with current or future privacy, data protection, data governance, account access, and information and cyber security laws could significantly impact our collection, use, sharing, retention and safeguarding of Personal Information and could restrict our ability to provide certain products and services, which could materially and adversely affect our profitability. In addition, any failure or perceived failure to comply with such laws, regulations and other requirements relating to the privacy, security and handling of information could result in potentially significant regulatory and/or governmental investigations and/or claims, actions or litigation (including class actions). We could incur significant costs in investigating and defending such claims and, if found liable, pay significant damages or fines, be required to change our business, or face sanctions or ongoing regulatory monitoring. These proceedings and any subsequent adverse outcomes could subject us to significant customer attrition, decreases in the use or acceptance of our cards and damage to our reputation and our brand. If any of these events were to occur, our business, results of operations, and financial condition could be materially adversely affected.

Tabl e of Contents

For more information on regulatory and legislative activity in this area, see “Item 1. Business — Privacy, Information Security and Data Protection.”

Our failure to protect our intellectual property rights and use of open source software may harm our competitive position, and litigation to protect our intellectual property rights or defend against third-party allegations of infringement may be costly, any of which could negatively impact our business, results of operations and profitability.

Third parties may infringe or misappropriate our trademarks or other intellectual property rights, which could adversely impact our business, operating results or financial condition. The actions we take to protect our patents, copyrights, trademarks and other proprietary rights may not be adequate. Litigation may be necessary to enforce our intellectual property rights, protect our patents, copyrights, trademarks or trade secrets or determine the validity and scope of the proprietary rights of others. Any infringement or misappropriation could harm any competitive advantage we currently derive or may derive from our intellectual property or other proprietary rights. Third parties may also assert infringement claims against us. Any claims and an adverse determination in any resulting litigation could subject us to significant liability for damages and require us to either design around a third-party’s intellectual property or license alternative technology from another party. Moreover, it has become common in recent years for individuals and groups to purchase intellectual property assets for the sole purpose of making claims of infringement and attempting to extract settlements from companies like ours. Even in instances where we believe that claims and allegations of intellectual property infringement against us are without merit, litigation is time consuming and expensive to defend and could result in the diversion of our time and resources. Further, our competitors or other third parties may independently design around or develop similar technology, or otherwise duplicate our services or products in a way that would preclude us from asserting our intellectual property rights against them. In addition, our contractual arrangements may not effectively prevent disclosure of our intellectual property or confidential and proprietary information or provide an adequate remedy in the event of an unauthorized disclosure.

Our platform utilizes software covered by open source licenses. The use of open source software involves a number of risks, many of which cannot be eliminated and could negatively affect our business. For example, United States courts have not interpreted the terms of various open source licenses and there is a risk that some open source licenses to which we are subject could be interpreted in a manner that could impose unanticipated conditions or restrictions on our ability to use or to commercialize our platform. By the terms of certain open source licenses, if we combine our proprietary software with open source software in a certain manner, we could be required to, under certain circumstances, release the source code of our proprietary software and to make our proprietary software available under open source licenses.

We may face claims alleging noncompliance with open source licenses or misappropriation, infringement, or other violation of third-party rights resulting from our use of open source software. These claims could result in litigation, damage our reputation in the open-source community, or require us to purchase costly software licenses, devote additional research or development resources to reengineer our platform, discontinue use of our platform if reengineering could not be accomplished on a timely or cost-effective basis, and/or make the source code of our proprietary software generally available, any of which could result in liability to us and negatively impact our business, results of operations, profitability and financial condition. In addition to risks related to license requirements, usage of open source software can lead to greater risks than use of third-party commercial software because open source software licensors generally do not provide any warranties or other contractual protections for the open source software, including contractual protections regarding infringement, misappropriation, security vulnerabilities, or defects or errors in the code, any of which could result in liability to us and negatively impact our business, results of operations, profitability and financial condition.

We have international operations that subject us to various international risks as well as increased compliance and regulatory risks and costs.

We have international operations, primarily in India, and some of our third-party service providers provide services to us from other countries, all of which subject us to a number of international risks, including, among other things, sovereign volatility and sociopolitical instability. In recent years, we have taken initiatives to move a greater percentage of our call center and servicing personnel offshore, which may increase our reliance on these international operations and the risk associated therewith. Any future social or political instability in the countries in which we operate could have a material adverse effect on our business. U.S. regulations also govern various aspects of the international activities of domestic corporations and increase our compliance and regulatory risks and costs. Any failure on our part or the part of our service providers to comply with applicable U.S. regulations, as well as the regulations in the countries and markets in which we or they operate, could result in fines, penalties, injunctions or other similar restrictions, any of which could have a material adverse effect on our business, results of operations and financial condition.

Tabl e of Contents

Tax legislation initiatives or challenges to our tax positions could adversely affect our results of operations and financial condition .

We are subject to tax laws and regulations in U.S. federal, state, local and foreign jurisdictions. From time to time legislative initiatives may be proposed, which, if enacted, may impact our effective tax rate and could adversely affect our deferred tax assets, tax positions and/or our tax liabilities. In addition, U.S. federal, state, local, and foreign tax laws and regulations are extremely complex and subject to varying interpretations. There can be no assurance that our historical tax positions will not be challenged by the relevant taxing authorities, or that we would be successful in defending our positions in connection with any such challenge.

Anti-takeover provisions in our organizational documents and Delaware law may discourage or prevent a change of control, even if an acquisition would be beneficial to our stockholders, which could affect our stock price adversely and prevent or delay change of control transactions or attempts by our stockholders to replace or remove our current management.

Delaware law, as well as provisions of our certificate of incorporation, including those relating to our Board’s authority to issue series of preferred stock without further stockholder approval, our bylaws and our existing and future debt instruments, could discourage unsolicited proposals to acquire us, even though such proposals may be beneficial to our stockholders.

In addition, we are subject to the provisions of Section 203 of the Delaware General Corporation Law, which may prohibit certain business combinations with stockholders owning 15% or more of our outstanding voting stock. These and other provisions in our certificate of incorporation, bylaws and Delaware law could make it more difficult for stockholders or potential acquirers to obtain control of our Board of Directors or initiate actions that are opposed by our then-current Board of Directors, including a merger, tender offer or proxy contest involving us. Any delay or prevention of a change of control transaction or changes in our Board of Directors could cause the market price of our common stock to decline or delay or prevent our stockholders from receiving a premium over the market price of our common stock that they might otherwise receive.

Cybersecurity, Technology and Vendor Risks

We rely on third-party vendors to provide various products and services that are important to our operations, and our business could be adversely impacted if our vendors fail to fulfill their obligations.

Some services important to our business are outsourced to third-party vendors, and we contract with numerous other third-party vendors for a range of products and services. The inability or failure of these vendors to deliver products and services at contracted service levels or standards and in a timely manner could adversely affect our business. In addition, if a third-party vendor fails to meet other contractual requirements, such as compliance with applicable laws and regulations, or suffers a cyberattack or other security breach, our business operations could suffer economic or reputational harm that could have a material adverse impact on our business and results of operations. Further, if our significant vendors are unable or unwilling to fulfill or renew our existing contracts on current terms, we might not be able to replace the related product or service at the same cost, in a timely fashion, or at all, any of which could negatively impact our profitability, business and operations, in some cases materially.

If we, our third-party providers, or brand partners fail to safeguard our confidential information and/or experience a data security incident, there may be damage to our brand and reputation, material financial penalties and legal claims, which could materially adversely affect our business, results of operations, and financial condition.

We rely on computer systems, hardware, software, technology infrastructure and online sites and networks for both internal and external operations that are critical to our business (collectively, IT Systems). We own and manage some of these IT Systems but also rely on third parties for a range of IT Systems and related products and services, including but not limited to cloud computing services. We and certain of our third-party providers collect, maintain and process data about customers, employees, business partners, brand partners, and others, including Personal Information, as well as proprietary information belonging to our business such as trade secrets (collectively, Confidential Information).

Information security risks for large financial institutions have increased with the adoption of new technologies to conduct financial and other business transactions, including those used on mobile devices, and the increased sophistication and

Tabl e of Contents

activity level of threat actors. These threat actors employ advanced techniques and tools, including AI, to circumvent security controls, evade detection and remove forensic evidence. Consequently, we may face challenges in detecting, investigating, remediating or recovering from future attacks or incidents, which could lead to a material adverse impact on our IT Systems, Confidential Information or business. There can also be no assurance that our cybersecurity risk management program and processes, including our policies, controls or procedures, will be fully implemented, complied with or effective in protecting our IT Systems and Confidential Information. Furthermore, given the nature of complex systems, software and services like ours, and the scanning tools that we deploy across our networks and products, we regularly identify and track security vulnerabilities. We are unable to comprehensively apply patches or confirm that measures are in place to mitigate all such vulnerabilities, or that patches will be applied before vulnerabilities are exploited by a threat actor.

We and certain of our third-party providers have in the past been, and in the future may be, subject to cyberattacks and we expect such attacks and incidents to continue in varying degrees. For example, we have suffered cyberattacks relating to unauthorized access to customer accounts, and in such instances, we have notified impacted customers and regulators as required by law. While to date no incidents have had a material impact on our operations or financial results, we cannot guarantee that material incidents will not occur in the future.

In such instances of an adverse impact on our IT Systems or Confidential Information, we may have data loss that could harm our customers and brand partners. This in turn could lead to reputational risk as concerns with security and privacy of data may result in consumers and future and existing brand partners not wanting to use our product offerings. We also have arrangements in place with our partners and other third parties through which we share and receive Confidential Information about their customers who are or may become our customers, which magnifies certain information security issues. The use of our products and services could decline if any compromise of physical or cyber security occurred. In addition, any unauthorized release of Confidential Information or any public perception that we released Confidential Information without authorization, could subject us to legal claims (including class actions) from our partners or their customers, consumers or regulatory enforcement actions (including fines and penalties), which may adversely affect our partner relationships and result in damage to our reputation and our brand, and/or cause us to incur significant incident response, system restoration or remediation and future compliance costs. Any or all of the foregoing could materially adversely affect our business, results of operations, and financial condition. We cannot be certain that our cybersecurity insurance coverage will be adequate for cybersecurity liabilities actually incurred, that insurance will continue to be available to us on economically reasonable terms, or at all, or that our insurer will not deny coverage as to any future claim.

Business interruptions, including loss of data center capacity, interruption due to cyber-attacks, loss of network connectivity or inability to utilize proprietary software of third-party vendors, could affect our ability to timely meet the needs of our partners and customers and harm our business.

We face numerous and evolving cybersecurity risks that threaten the confidentiality, integrity and availability of our IT Systems and Confidential Information. Our ability, and that of our third-party service providers and brand partners, to protect our IT Systems and Confidential Information against damage, loss or performance degradation from power loss, network failure, cyber-attacks, including ransomware or denial of service attacks, social engineering/phishing, use of AI technologies by bad actors, deepfakes, insider threats, state-sponsored threats, hardware and software defects or malfunctions, human error, computer viruses or other malware, misconfigurations, bugs or other vulnerabilities, malicious code embedded in open-source software, disruptions in telecommunications services, fraud, fires and other disasters and other events, is critical. Because the tactics, techniques and procedures used to obtain unauthorized access, or to disable or degrade systems, change frequently, have become increasingly more complex and sophisticated, and may be difficult to detect for periods of time, we may not anticipate these acts or respond adequately or timely. For example, cybercriminals have increasingly demonstrated advanced capabilities, such as use of zero-day vulnerabilities, and rapid integration of new technology such as GenAI are being used by threat actors to create sophisticated attacks that are increasingly automated, targeted and more difficult to defend against.

To provide many of our services, we must be able to store, retrieve, process and manage large amounts of data, as well as periodically expand and upgrade our IT Systems. Any damage to our IT Systems, including those of our third-party service providers or brand partners, any failure of our network links that interrupts our operations or any impairment of our ability to use our software or the proprietary software of third-party vendors, including impairments due to cyber-attacks, or our inability to execute effective disaster recovery plans could adversely affect our ability to meet our partners’ and customers’ needs and their confidence in utilizing us for future services, as well as other adverse impacts to our business, results of operations, and financial condition. Moreover, due to the interconnectivity and complexity of information systems and their reliance on common systems, software and vendors, disruptions or degradations have had, and will likely continue to have,

Tabl e of Contents

wide-reaching consequences, including the potential to disrupt the overall financial system and other key systems in the global economy.

If we are not able to invest successfully in, and compete at the leading edge of, technological developments in our industry, our revenue and profitability could be materially adversely affected. Moreover, technology transformation projects are complex undertakings, which may result in unanticipated consequences that may adversely impact our business, results of operations, reputation and brand.

Our industry is subject to rapid and significant technological changes. In order to compete in our industry, we need to continue to invest in advanced digital and other technology across all areas of our business, including in access management, vulnerability management, transaction processing, data management and analytics, AI technology, customer interactions and communications, alternative payment and financing mechanisms, authentication technologies and digital identification, tokenization, real-time settlement, and risk management and compliance systems. Incorporating new technologies into our products and services, including developing the appropriate governance and controls consistent with statutory and regulatory expectations, requires substantial expenditures and takes considerable time, and ultimately may not be successful. We expect that new technologies in the payments industry will continue to emerge, and these new technologies may be superior to, or render obsolete, our existing technology.

T he process of developing new products and services, enhancing existing products and services and adapting to technological changes and evolving industry standards is complex, costly and uncertain, and any failure by us to anticipate partners’ and customers’ changing needs and emerging technological trends accurately could significantly impede our ability to compete effectively. Partner and customer adoption is a key competitive factor, and our competitors may develop products, platforms or tec hnologies that become more widely adopted than ours. In addition, we may underestimate the time and expense we must invest in new products and services before they generate significant revenues, if at all.

Moreover, technology transformation projects are complex undertakings that may result in unanticipated and adverse impacts. For example, as previously reported, in 2022 we completed the transition of our credit card processing services to strategic outsourcing partners. In connection with the transition, we experienced unanticipated issues with platform stability, which resulted in outages and interruptions in our call center operations and online customer service platforms. These outages and interruptions resulted in a number of adverse impacts, including the issuance of a consent order by the FDIC to one of our subsidiaries and the requirement that each of our Banks pay civil money penalties of $1 million to the FDIC. More generally, technology transformation projects may present significant risks and unanticipated impacts, including, but not limited to, operational execution errors, platform stability issues, security vulnerabilities, potential losses or corruption of data, changes in security processes, implementation delays and cost overruns, resistance from current partners and account holders, disruption to operations and loss of customization or functionality. These and other potential challenges may adversely impact our business, results of operations, financial condition, and result in regulatory actions and damage to our reputation and our brand .

Our ability to develop, acquire or access competitive technologies or business processes on acceptable terms may also be limited by intellectual property rights that third parties, including those that current and potential competitors, may assert. In addition, our ability to adopt new technologies may be inhibited by the emergence of industry-wide standards, a changing legislative and regulatory environment, an inability to develop appropriate governance and controls, a lack of internal product and engineering expertise, resistance to change from partners or consumers, lack of appropriate change management processes or the complexity of our systems.

The development and use of AI present risks and challenges that may adversely impact our business or customers.

We or our third-party vendors, clients or counterparties have developed or incorporated, or may in the future develop or incorporate, AI technology in certain business processes, services or products. For example, we have developed an AI powered knowledge management solution for our customer care associates designed to achieve the highest possible customer service standards and customer experience. The development and use of AI, however, presents a number of risks and challenges to our business. The legal and regulatory environment relating to AI is uncertain and rapidly evolving, both in the United States and internationally, and includes regulatory schemes targeted specifically at AI as well as provisions in intellectual property, privacy, consumer and data protection, employment and other laws applicable to the use of AI. Several states have already adopted AI-specific frameworks or are considering applying existing consumer and data protection laws to regulate AI. These evolving laws and regulations could require changes in our implementation of AI technology and increase our compliance costs and the risk of non-compliance. AI models, particularly generative AI models, may produce output or take actions that are incorrect, that result in the release of private, confidential or

Tabl e of Contents

proprietary information, that reflect biases included in the data on which they are trained, infringe on the intellectual property rights of others or that are otherwise harmful. In addition, certain uses of AI technology may be subject to regulation, such as requirements to explain how the AI model works and why it generates a particular output, eliminate biases built into the AI model, reduce erroneous outputs, and comply with regulations requiring watermarking AI-generated content and disclosures when consumers are interacting with AI or when decisions are made by AI, as well as requiring documentation or explanation of the basis on which decisions are made. These additional requirements may impose increased costs on our technology and compliance functions, which could put us at a competitive disadvantage and have an adverse effect on our results of operations and financial condition. Further, we may rely on AI models developed by third parties, and would be dependent in part on the manner in which those third parties develop, train and deploy their models, including risks arising from the inclusion of any unauthorized material in the training data for their models, the effectiveness of the steps these third parties have taken to limit the risks associated with the output of their models and other matters over which we may have limited visibility. Any of these risks could expose us to liability or adverse legal or regulatory consequences and harm our reputation and the public perception of our business or the effectiveness of our security measures. Further, if we increase our reliance on AI, our relationships with our associates or their retention may be adversely impacted.

In addition, the adoption of agentic commerce, in which autonomous AI agents initiate and execute transactions on behalf of users, presents novel and complex regulatory, privacy and cybersecurity risks, as well as risks relating to potential integrations with other agentic commerce applications. Legal frameworks governing such autonomous agents remain nascent, with limited direct guidance specific to payments. The interplay between payments regulations, data privacy laws and evolving AI regulations may create uncertainty around compliance and disclosure obligations and potential liability exposure as more participants (including retailers, fintechs and AI developers) enter the agentic commerce ecosystem. The market is still assessing how regulators may apply existing consumer protection and other laws in the context of AI. As agentic commerce solutions scale, we may also see increased instances of erroneous or disputed payments and other adverse impacts.

We are also exposed to risks arising from the use of AI technology by bad actors to commit fraud and misappropriate funds and to facilitate cyberattacks (including sophisticated social engineering attacks and AI-powered hacking). Malicious actors could use AI to create deepfakes of our leadership or other personnel, contributing to loss of customer trust and significant reputational damage in addition to financial harm.

Risks Related to the LoyaltyOne Spinoff

We may be adversely affected by LVI’s ongoing bankruptcy proceedings or pending or future litigation or other disputes involving or relating to LVI.

In November 2021, we completed the spinoff of our former LoyaltyOne segment, consisting of the Canadian AIR MILES® Reward Program and the Netherlands-based BrandLoyalty businesses, into an independent, publicly traded company, LVI. As part of the spinoff, we retained 19% of the outstanding shares of common stock of LVI. On March 10, 2023, LVI and certain of its subsidiaries filed voluntary petitions for relief under Chapter 11 of the United States Bankruptcy Code and in Canada under the Companies’ Creditors Arrangement Act (collectively, the LVI Bankruptcy Proceedings). Pursuant to LVI’s Chapter 11 Plan, LVI and a liquidating trustee also established a liquidating trust to pursue claims, including against us and individuals and entities affiliated with us, in respect of the spinoff transaction. Similarly, in the Canadian LVI Bankruptcy Proceeding, the Canadian subsidiary and/or the Court-appointed monitor have the authority to pursue claims against us and our affiliates.

Though we believe that our process and decision-making with respect to the spinoff transaction were entirely appropriate, we and certain members of our Board of Directors and executive management team have been named as defendants in various litigation matters relating to the spinoff, as follows. In Canada, LoyaltyOne, Co. (the LVI subsidiary that operated its Canadian AIR MILES business) filed suit against us and our general counsel in the Ontario Superior Court of Justice in Canada in October 2023. The lawsuit asserts that our general counsel, in his capacity as a pre-spinoff director of LoyaltyOne, Co., breached various fiduciary duties owed to LoyaltyOne, Co. in connection with the LVI spinoff and certain other transactions, and that Bread Financial assisted in and benefited from those breaches. The lawsuit seeks damages in the amount of $775 million. In the U.S., the liquidating trustee commenced certain actions against us in February 2024. Specifically: (i) in LVI’s U.S. Chapter 11 case in the Bankruptcy Court for the Southern District of Texas, the liquidating trustee filed an adversary proceeding against us and our general counsel alleging actual and constructive fraudulent transfers, among other claims, in connection with the spinoff; and (ii) in Delaware Chancery Court, the liquidating trustee filed an action against us, each of the members of our Board of Directors at the time of the spinoff, and

Tabl e of Contents

certain members of our executive management team alleging breaches of fiduciary duties (and aiding and abetting breaches of fiduciary duties) in connection with the spinoff. Among other things, in each of these actions the liquidating trustee seeks damages in the amount of approximately $750 million plus interest, fees and expenses. In the Texas action, certain of the claims proceeded past a motion to dismiss, and in January 2026 our motion for partial summary judgment was denied. In connection with the spinoff, we entered into a tax matters agreement, and LoyaltyOne, Co. is contesting our entitlement to certain potential tax refunds under the tax matters agreement, and we may also become involved in other disputes with respect to the spinoff agreements with LVI or incur other liabilities or obligations under contractual arrangements with LVI. Finally, a putative federal securities class action complaint was filed in April 2023 against us and current and former members of our management team concerning disclosures made about LVI’s business; although, this lawsuit has been dismissed, and the United States Court of Appeals for the Sixth Circuit affirmed the dismissal in January 2026. For additional detail regarding these pending litigation matters, see Note 20 “Commitments and Contingencies” to our audited Consolidated Financial Statements.

While we believe that each of these suits and any other claims in connection with the spinoff are without merit and we will defend ourselves vigorously, the damages being sought are significant, and litigation is complex with inherently uncertain outcomes. In the event we are found liable or reach a settlement in one or more of these actions, we may be required to pay significant awards or judgments, settlements, costs or fines, and/or we may lose entitlement to certain tax refunds that are currently recorded as other assets on our audited Consolidated Balance Sheets. Moreover, any litigation or dispute arising out of or relating to the spinoff could distract management, result in significant legal and other costs, result in downgrades to our credit ratings and otherwise adversely impact our liquidity, capital resources, access to financing, results of operations and financial condition. We cannot provide any assurance that the insurance coverage that we maintain would be adequate to cover any settlements or liabilities actually incurred in these matters or that our insurers would not seek to deny coverage as to any or all of any such amounts.

RISK MANAGEMENT

Our Enterprise Risk Management (ERM) program is designed to ensure that all significant risks are identified, measured, monitored and addressed. Beginning in 2024, we expanded our ERM Framework to implement BHC-equivalent practices for the Company to supplement the risk management framework that was already in place at our Banks. Our ERM program reflects our risk appetite, governance, culture and reporting. We manage enterprise risk using our Board-approved Risk Appetite Statements and ERM Framework, which includes Board-level oversight, risk management committees, and a dedicated risk management team led by our Chief Risk Officer (CRO). Our Board and executive management determine the level of risk we are willing to accept in pursuit of our objectives, through the ERM program and the well-defined risk appetite statements developed thereunder. We utilize the “three lines of defense” risk management model to assign roles, responsibilities and accountabilities for taking and managing risk.

Governance and Accountability

Board and Board Committees

Our Board of Directors, as a whole and through its committees, maintains responsibilities for the oversight of risk management, including monitoring the “tone at the top” and our risk culture, and overseeing emerging and strategic risks. While our Board’s Risk & Technology Committee has primary responsibility for ERM oversight, the Audit, Compensation & Human Capital and Nominating & Corporate Governance Committees also oversee risks within their respective areas of responsibilities. Each of these Board Committees consists entirely of independent directors and provides regular reports to the full Board regarding matters reviewed at their Committee meetings. Each of our Banks also has a comprehensive ERM Framework, approved by the board of directors of each Bank, which includes governance, compliance, reporting and other requirements.

Risk Management Roles and Responsibilities

In addition to our Board and Board Committees, responsibility for risk management also rests with other individuals and committees throughout the Company, including, the Board of Directors of each of our Banks and committees thereof, various management committees and executive management. Our “three lines of defense” risk management model is defined within our ERM Framework and includes the following:

• The “first line of defense” is comprised of the business areas that engage in activities that generate revenue or provide operational support or services that introduce risk to the Company. As the business owner, the first line of

Tabl e of Contents

defense is responsible for, among other things, identifying, owning, managing and controlling key risks associated with their activities, timely addressing issues and remediation, and implementing processes and procedures to strengthen the risk and control environment. The first line of defense identifies and manages key risk indicators, and risks and controls consistent with our risk appetite. The executive officers who serve as leaders in the “first line of defense,” are responsible for ensuring that their respective functions operate within established risk limits, in accordance with our risk appetite. These leaders are also responsible for identifying risks, considering risk when developing strategic plans, budgets and new products, and implementing appropriate risk controls when pursuing business strategies and objectives. In addition, these leaders are responsible for deploying sufficient financial resources and qualified personnel to manage the risks inherent in our business activities.

• The “second line of defense” consists of an independent ERM team charged with oversight and monitoring of risk within the business. The second line of defense is responsible for, among other things, formulating and overseeing our ERM Framework and related policies and procedures, effectively challenging the first line of defense and identifying, monitoring and reporting on aggregate risks of the business and support functions.

Our risk management team, which is led by our CRO and includes compliance, provides oversight of our risk profile and is responsible for maintaining a compliance program that includes compliance risk assessment, policy development, testing and reporting activities.

The CRO manages our risk management team and is responsible for establishing and implementing standards for the identification, management, measurement, monitoring and reporting of risk on an Enterprise-wide basis. In collaboration with the first line of defense, the CRO is responsible for developing an appropriate risk appetite with corresponding limits that aligns with supervisory expectations, along with proposing our risk appetite to the Board of Directors. The CRO regularly reports to the Risk & Technology Committee on risk management matters.

• The “third line of defense” is comprised of our Global Audit organization. The third line of defense provides an independent review and objective assessment of the design and operating effectiveness of the first and second lines of defense, governance, policies, procedures, processes and internal controls, and reports its findings to executive management and the Board, through the Audit Committee. Global Audit is responsible for performing periodic, independent reviews and testing compliance with our risk management policies and standards, as well as with regulatory guidance and industry best practices. Global Audit also assesses the design of our policies and standards and validates the effectiveness of risk management controls, reporting the results of such reviews to the Audit Committee.

Management Committees

We operate several internal management committees to oversee risk governance and management across the enterprise. The Enterprise Risk Management Committee (ERMC), established in 2025 as part of our initiatives to enhance our enterprise-level risk oversight, is the highest-level risk management committee at the enterprise level. The ERMC is chaired by our CRO and is responsible for overseeing the design and implementation of the ERM Framework, as well as reviewing and monitoring our enterprise risk profile against the defined risk appetite, including making recommendations on such risk appetite and reviewing or escalating matters from, or referred to by, other management-level risk committees. At each of our Banks, we also operate an equivalent risk management committee, along with other management committees for oversight of specific risk categories.

At the enterprise level, we also maintain an Operating Committee (OC), Asset & Liability Management Committee (ALCO) and Capital Management Committee (CMC).

The OC is a management committee composed of senior officers and is chaired by the Senior Vice President of Business Strategy. The OC is responsible for assisting our executive leadership team in overseeing the strategic direction, operational performance and risk management of the Company. With respect to risk management, the OC’s responsibilities include monitoring and evaluating the Company’s operational performance, key financial metrics and risk profile, setting an appropriate risk culture, seeking to resolve risks impacting the achievement of organizational goals and improving risk management discipline.

The ALCO is a management committee comprised of senior officers and is chaired by the Treasurer. The ALCO is responsible for assisting our Board of Directors and our executive leadership team in overseeing, reviewing and monitoring consolidated funding and liquidity, capital, market and investment risks. The ALCO’s responsibilities also include assisting

Tabl e of Contents

our executive leadership team in its management of our capital, funding and liquidity resources, interest rate sensitivity and our balance sheet more broadly.

The CMC is a management committee comprised of senior officers and is chaired by the Head of Corporate & Capital Planning. The CMC is responsible for assisting our Board of Directors and our executive leadership team with capital planning and oversight by monitoring our capital and providing guidance and recommendations on the use and distribution of capital. The CMC’s responsibilities also include review of the capital plan, annual budget and long-range plan, stress testing and making recommendations for capital thresholds and tolerances, capital buffers, capital targets and significant capital decisions.

Risk Categories

During 2025 we made various enhancements to our risk management practices, completing the establishment of eight enterprise-level risk pillars equivalent to the risk pillars that historically have already been in place at our Banks. Each risk pillar includes Board of Directors approved risk appetites, regular management monitoring and oversight, and at a minimum quarterly, and more frequently as appropriate, reporting to the Risk & Technology Committee.

We evaluate the potential impact of a risk event on the Company by assessing the customer, partner, financial, reputational and legal and regulatory impacts, and have divided risk into the following eight pillars: Credit Risk, Market Risk, Capital Risk, Liquidity Risk, Operational Risk, Compliance Risk, Strategic Risk, and Reputational Risk.

Credit Risk

Credit risk is the risk arising from an obligor’s failure to meet the terms of any contract or otherwise perform as agreed. Credit risk is found in all activities in which settlement or repayment depends on counterparty, issuer or borrower performance.

We are exposed to credit risk primarily relating to the credit card and other loans we make to our customers. Our credit risk relates to the risk that consumers who use the co-brand, private label, DTC credit cards, or other loan products that we issue will not repay their loan balances. As part of our efforts to minimize our risk of credit card or other loan charge-offs, we have developed automated proprietary scoring technology and verification procedures to make risk-based underwriting decisions when approving new account holders, establishing or adjusting account holder credit limits and applying our risk-based pricing. The credit risk on our Credit card and other loans balances is quantified through our Allowance for credit losses which is recorded net with Credit card and other loans on our Consolidated Balance Sheets.

Market Risk

Market risk is the risk to current or anticipated earnings, capital or economic value arising from changes in the market value of portfolios, securities or other financial instruments. Market risk includes interest rate risk, which is the risk arising from movements in interest rates. Interest rate risk results from:

• Repricing risk – differences between the timing of rate changes and the timing of cash flows;

• Basis risk – changing rate relationships among different yield curves affecting an organization’s activities;

• Yield curve risk – changing rate relationships across the spectrum of maturities; and

• Options risk – interest-related options embedded in certain products.

Our principal market risk exposures arise from volatility in interest rates and their impact on economic value, capitalization levels and earnings. To the extent we are unable to effectively match the interest rate sensitivity of our assets and liabilities, our net earnings could be materially adversely affected.

Beginning in 2024, as part of the ongoing enhancement of our interest rate risk mitigation tools, we established interest rate risk hedging capabilities, employing interest rate swaps on our credit card loans portfolio to reduce interest rate risk sensitivity. We also use various industry standard market risk measurement techniques and sensitivity analyses to estimate, assess and manage the impact of increases or decreases in interest rates on our Net interest income and economic value of equity under various interest rate scenarios. We believe these approaches provide useful insights into the interest rate risk inherent in our business, and how to effectively manage such risk. As of December 31, 2025, based on the composition of

Tabl e of Contents

our fixed rate and floating rate assets and liabilities on our Consolidated Balance Sheets, our Net interest income and economic value of equity are expected to increase in higher rate scenarios and decrease in lower rate scenarios.

One standard sensitivity measure we use calculates the impact on Net interest income from a hypothetical instantaneous and sustained 100 basis point increase or decrease in interest rates. Due to the mix of fixed and floating rate assets and liabilities on our Consolidated Balance Sheet as of December 31, 2025, this hypothetical instantaneous 100 basis point increase or decrease in interest rates would have an insignificant impact on our annual Net interest income. Actual changes in our net interest income will depend on many factors, and therefore may differ from our estimated risk to changes in interest rates. In addition to this industry standard measure, we also consider the potential impact of alternative interest rate scenarios in our internal interest rate risk management decisions, such as larger rate shocks (higher than plus-or-minus 100 basis points), or steepening and flattening yield curve scenarios. We also regularly review the sensitivity of our interest rate risk metrics to changes in our key modeling assumptions.

In recent years, we have implemented a new and improved asset liability management model that is capable of assessing a broader array of interest rate risk scenarios, including a wider range of interest rate and balance sheet assumptions. The interest rate risk model that we use in deriving these measures incorporates contractual information, behavioral assumptions and modeling methodologies, which project borrower and deposit behavior patterns. Other market inputs, such as interest rates, market prices and interest rate volatility, are also critical components of our interest rate risk measures. We regularly update and enhance these assumptions, scenarios and model as we believe appropriate to reflect our best assessment of the market environment and the expected behavior patterns of our existing assets and liabilities. There are inherent limitations, however, in any methodology used to estimate the exposure to changes in market interest rates. For example, this sensitivity analysis contemplates only certain movements in interest rates and is performed at a particular point in time based on our existing Consolidated Balance Sheet. Accordingly, changes in customer behavior and strategic actions that management may take in the future may cause the composition of our assets and liabilities to change from the assumptions and projections previously used in scenarios considered, and could cause our actual Net interest income and economic value of equity to differ from previous sensitivity analysis outcomes.

Capital Risk

Capital risk refers to the potential threat to an institution’s financial stability or safety and soundness due to inadequate capital resources to support business operations and safeguard against unexpected losses. These risks can arise from various stressed operating conditions, including macroeconomic, credit, liquidity, market, and regulatory factors.

We manage capital in alignment with the risk characteristics of our business, the economic environment, and the expectations of regulators and stockholders. This includes considering the impact of capital stress testing in our assessment of capital adequacy. Capital risk is managed by balancing stakeholder interests, such as safety and soundness, profit, growth, value, and operational and non-financial factors, while reasonably considering both near-term and long-term impacts. Our policies, risk appetite limits, and capital ratio operating targets ensure that we and the Banks maintain sufficient capital to withstand capital stress events over a specified period. The CPC and ALCO assist the Board of Directors and management in overseeing, reviewing, and monitoring capital risk.

Liquidity Risk

Liquidity risk is the risk arising from an inability to meet obligations when they come due. Liquidity risk includes the inability to access funding sources or manage fluctuations in funding levels. Liquidity risk also results from an organization’s failure to recognize or address changes in market conditions, or failure to prepare for anticipated growth with appropriate levels of liquidity.

Our primary liquidity objective is to maintain a liquidity profile that will enable us, even in times of stress or market disruption, to fund our existing assets and pay liabilities when due at an acceptable cost. Policy and risk appetite limits require us and the Banks to ensure that sufficient liquid assets are available to survive liquidity stresses over a specified time period. In accordance with our contingency funding plan, we also maintain access to funding markets to provide liquidity to satisfy additional contingency needs. The ALCO assists the Board of Directors and management in overseeing, reviewing, and monitoring liquidity risk.

Tabl e of Contents

Operational Risk

Operational risk is the risk arising from inadequate or failed internal processes or systems, human errors or misconduct, or adverse external events. Operational losses result from internal or external fraud, inadequate or inappropriate employment practices and workplace safety, failure to meet obligations involving customers, partners, products and business practices, damage to physical assets, business disruption and systems failures, and/or failures in execution, delivery and process management.

Operational risk is inherent in all business activities and can impact us through direct or indirect financial loss, damage to our brand, customer dissatisfaction and legal and regulatory penalties. We have implemented an operational risk framework that is defined in our Operational Risk Management Policy.

As part of our Operational Risk Program, we maintain an information and cybersecurity risk management program, which is led by our Chief Information Security Officer (CISO) and is designed to protect the confidentiality, integrity, and availability of critical information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction. The Program leverages security technology, a team of internal and external experts, and operations based on the National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) 2.0 consisting of controls designed to govern, protect, detect, identify, respond and recover from cybersecurity incidents. We continue to invest in enhancements to cybersecurity capabilities and engage in industry and government forums to promote advancements to the broader financial services cybersecurity ecosystem. For further discussion of our cybersecurity risk management program, see “Item IC.—Cybersecurity.”

Compliance Risk

Compliance risk is the risk arising from violations of laws or regulations, or from nonconformance with prescribed practices, internal policies and procedures, or ethical standards. This risk exposes an organization to a variety of adverse impacts, including enforcement or other supervisory actions, fines, penalties, payment of damages, restrictions on business activities and the voiding of contracts.

Our Compliance organization is responsible for establishing and maintaining our Compliance Risk Management Program, pursuant to which we seek to manage and mitigate compliance risk by assessing, controlling, monitoring, measuring and reporting the legal and regulatory risks to which we are exposed.

Strategic Risk

Strategic risk is the risk arising from adverse business decisions, poor implementation of business decisions or lack of responsiveness to changes in the industry and operating environment. This risk is a function of an organization’s strategic goals, business strategies, resources and quality of implementation.

We seek to manage strategic and business risks through risk controls embedded in these processes, as well as risk management oversight over business goals. Existing product performance is reviewed periodically by various of our Committees and executive management.

Reputational Risk

Reputational risk is the risk arising from negative public opinion. This risk may impair competitiveness by affecting the ability to establish new relationships or services, or continue servicing existing relationships.

Reputational risk is inherent in all activities and requires us to exercise caution in dealing with stakeholders, such as customers, brand partners, other contractual counterparties, investors, regulators, employees and the community. Executive management is responsible for considering the reputational risk implications of business activities and strategies and ensuring the relevant subject matter experts are engaged.

Tabl e of Contents

Model Risk

Beginning in 2025 we removed model risk as a unique, stand-alone risk pillar and have instead allocated model risk across the eight other risk pillars. Model Risk is the risk arising from decisions based on incorrect or misused model outputs and reports. Model risk occurs primarily for three reasons:

• a model may have fundamental errors, including with respect to the model’s construction, or interpretation, and produce inaccurate outputs when viewed against its design objective and intended business uses;

• a model may be used incorrectly or inappropriately, or there may be a misunderstanding about its limitations and assumptions, including models being calibrated on historical cycles and correlations which may not be predictive of the future, or failures to update assumptions appropriately or in a timely manner ; or

• the model produces results that are not compliant with fair lending or other laws and regulations.

We manage model risk through a comprehensive model governance framework, including policies and procedures for model development, maintenance and performance monitoring activities, independent model testing and validation, and change management capabilities. We assess model performance on an ongoing basis and model risk is assessed across business processes, weighted by risk pillars and managed through our Model Lifecycle Management Process.

Item 1B.    Unresolved Staff Comments.

None.

Item 1C.    Cybersecurity.

Cybersecurity Risk Management and Strategy

As noted above under “Risk Management,” we maintain an information and cybersecurity risk management program, which is led by our CISO and is designed to protect the confidentiality, integrity and availability of critical information and information systems. The program is designed based on the NIST CSF 2.0 ; provided that t his does not imply that we meet any particular technical standards, specifications or requirements, only that we use the NIST CSF 2.0 as a guide to help us identify, assess and manage cybersecurity risks relevant to our business.

Our cybersecurity risk management program is integrated into our overall ERM program, and shares common methodologies, reporting channels and governance processes that apply across the ERM program to other legal, compliance, strategic, operational, and financial risk areas.

Our cybersecurity risk management program includes:

• risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise IT environment;

• a security team principally responsible for managing (1) our cybersecurity risk assessment processes, (2) our security controls, and (3) our response to cybersecurity incidents;

• the use of external service providers, where appropriate, to assess, test, train or otherwise assist with aspects of our security controls ;

• security tools deployed in the IT environment for protection against and monitoring for suspicious activity;

• cybersecurity awareness training of our employees, including incident response personnel, and senior management;

• a cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents; and

• a third-party risk management process for service providers, suppliers, and vendors.

We have not identified risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations or financial condition. We face certain ongoing risks from cybersecurity threats such as loss or theft of data, ransomware or other disruptive attacks from financially motivated bad actors, and third-party supply chain issues that, if realized, are reasonably likely to materially affect us, including our operations, business strategy, results of operations, and financial condition. For further discussion, see “Item 1A. Risk Factors – Risk Management” and “Item 1A. Risk Factors – Cybersecurity, Technology and Vendor Risks.”

Tabl e of Contents

Cybersecurity Governance

Our Board of Directors considers cybersecurity risk to be a critical part of its risk oversight function and has delegated to the Risk & Technology Committee primary oversight of cybersecurity and other information technology risks. The Audit Committee also reviews cybersecurity matters as part of its oversight of major financial risk exposures . The Risk & Technology Committee oversees management’s implementation of our cybersecurity risk management program, and receives regular reports from management on our cybersecurity risks. In addition, management updates the Risk & Technology Committee, as necessary, regarding any material cybersecurity incidents, as well as any incidents with lesser impact potential.

The Risk & Technology Committee periodically reports to the Board of Directors regarding its activities, including those related to cybersecurity. As part of its oversight of major financial risk exposures , the Audit Committee also reviews with management and our internal and independent auditors our risk assessments and risk management program, including with respect to cybersecurity. Board members receive presentations on cybersecurity topics from our CISO or external experts as part of the Board’s continuing education on topics that impact public companies.

Our management team, including our CISO, CRO and CORO, is responsible for assessing and managing our material risks from cybersecurity threats. Our management team has primary responsibility for our overall cybersecurity risk management program and supervises both our internal cybersecurity personnel and our retained external cybersecurity consultants. Our CISO works closely with our CRO and CORO, who are responsible for providing effective oversight and challenge to the activities of our CISO.

Our CISO, who reports to our Executive Vice President and Chief Technology Officer, has 25 years of cybersecurity and information security experience across a number of regulated industries, including financial services, healthcare and defense and national security. Our CISO has been a Certified Information System Security Professional (CISSP) for over 20 years and serves on the governing body of various organizations focused on technology and cybersecurity, including as an Advisory Council Member to the Harvard Business Review and a Governing Board Member of Evanta, an organization of peer-CISOs . Each of our CRO (who reports to our Chief Executive Officer) and CORO (who reports to our CRO) has over 20 years of financial services experience in operations and risk management.

Our management team supervises efforts to prevent, detect, mitigate, and remediate cybersecurity risks and incidents through various means, and, as appropriate, provides briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, and alerts and reports produced by security tools deployed in the IT environment.

Item 2.    Properties.

As of December 31, 2025, we leased 12 general office properties, comprised of approximately 1.1 million square feet, of which approximately 0.4 million square feet are subleased or on the sublease market. Our principal facilities used to carry out our operational, sales and administrative functions are as follows (in alphabetical order, by city):

Location

Approximate

Square Footage

Lease Expiration Date

Bangalore, Karnataka, India

January 31, 2029

Chadds Ford, Pennsylvania

April 30, 2027

Coeur D’Alene, Idaho

July 31, 2038

Columbus, Ohio

September 12, 2032

Draper, Utah

August 31, 2031

New York, New York

February 29, 2028

Plano, Texas

June 30, 2026

Wilmington, Delaware

July 31, 2027

(1) Excludes square footage of subleased portion.

We believe our current facilities are suitable to our businesses and that we will be able to lease, purchase or newly construct additional facilities as needed.

Tabl e of Contents

Item 3.    Legal Proceedings.

Refer to Part I, Item 1A, “Risk Factors—Legal, Regulatory and Compliance Risks,” “Risk Factors—Risks Related to the LoyaltyOne Spinoff” and Note 20, “Commitments and Contingencies” to our audited Consolidated Financial Statements, which are incorporated herein by reference.

Item 4.    Mine Safety Disclosures.

Not applicable.

Tabl e of Contents

PART II

Item 5.    Market for Registrant’s Common Equity, Related Stockholder Matters and Issuer Purchases of Equity Securities.

Market Information

Our common stock is listed on the NYSE and trades under the symbol “BFH.”

Holders

As of February 6, 2026, the closing price of our common stock was $79.53 per share, there were 43,115,116 shares of our common stock outstanding, and there were 86 holders of record of our common stock.

Dividends

Payment of future dividends is subject to declaration by our Board of Directors. Factors considered in determining dividends include, but are not limited to, our profitability, expected capital needs and legal, regulatory and contractual restrictions. Under the terms of the Series A Preferred Stock, our ability to declare, pay or set aside any payment for dividend or distribution on our common stock, or repurchase, redeem or otherwise acquire for consideration, directly or indirectly, any shares of our common stock, is subject to restrictions in the event that we do not declare and either pay or set aside a sum sufficient for payment of dividends on the Series A Preferred Stock for the immediately preceding dividend period. See also “Risk Factors— There is no guarantee that we will pay future dividends or repurchase shares of our stock at a level anticipated by stockholders, which could reduce returns to our stockholders. ” Subject to these qualifications, we presently expect to continue to pay dividends on a quarterly basis.

On January 29, 2026, our Board of Directors declared a quarterly cash dividend of $0.23 per share on our common stock, payable on March 16, 2026, to stockholders of record at the close of business on February 27, 2026.

Issuer Purchases of Equity Securities

The following table presents information with respect to purchases of our common stock made by or on behalf of us during the three months ended December 31, 2025:

Period

Total Number of

Shares Purchased (1)

Average Price Paid

per Share

Total Number of

Shares Purchased as

Part of Publicly

Announced Plans or

Programs

Approximate Dollar

Value of Shares that

May Yet Be

Purchased Under the

Plans or Programs

( Millions)

October 1-31

November 1-30

December 1-31

Total

(1) During the periods presented, (i) 5,227 shares of our common stock were purchased by the administrator of our Bread Financial 401(k) Plan for the benefit of the employees who participated in that portion of the Plan and (ii) 1,937,540 shares of our common stock were repurchased by the Company, pursuant to a Rule 10b5-1 trading plan previously adopted by the Company, during an open trading window.

Stock Performance Graph

The following Stock Performance Graph shows the cumulative total stockholder return on our common stock compared to an overall stock market index, the S&P Composite 500 Stock Index (S&P 500 Index), and a published industry index, the S&P Financial Composite Index (S&P Financials Index), over the five-year period commencing December 31, 2020 and ended December 31, 2025.

Tabl e of Contents

The Stock Performance Graph assumes that $100 was invested in our common stock and each index, and that all dividends were reinvested. For the purpose of this Stock Performance Graph, historical stock prices have been adjusted to reflect the impact of the spinoff of LVI on November 5, 2021. The stock price performance on the graph below is not necessarily indicative of future performance.

*$100 invested on December 31, 2020 in stock or index, including reinvestment of dividends.

Fiscal year end December 31.

Copyright© 2025 Standard & Poor’s, a division of S&P Global. All rights reserved.

Bread Financial Holdings, Inc.

S&P 500 Index

S&P Financials Index

December 31, 2020

December 31, 2021

December 31, 2022

December 31, 2023

December 31, 2024

December 31, 2025

Our future filings with the SEC may “incorporate information by reference,” including this Annual Report on Form 10-K. Unless we specifically state otherwise, this Stock Performance Graph shall not be deemed to be incorporated by reference and shall not constitute soliciting material or otherwise be considered filed under the Securities Act of 1933, as amended, or the Securities Exchange Act of 1934, as amended.

Item 6.    [Reserved]

Tabl e of Contents

Item 7.    Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A).

The following discussion and analysis of our results of operations and financial condition should be read in conjunction with our audited Consolidated Financial Statements and related Notes included elsewhere in this Annual Report on Form 10-K. Some of the information contained in this discussion and analysis constitutes forward-looking statements that involve risks and uncertainties. Actual results could differ materially from those discussed in these forward-looking statements. Factors that could cause or contribute to these differences include, but are not limited to, those discussed below and elsewhere in this Annual Report on Form 10-K, particularly under “Risk Factors” and “Cautionary Note Regarding Forward-Looking Statements.” Unless otherwise specified, references to Notes to our audited Consolidated Financial Statements are to the Notes to our audited Consolidated Financial Statements as of December 31, 2025 and 2024 and for years ended December 31, 2025, 2024 and 2023.

OVERVIEW

We are a tech-forward financial services company that provides simple, personalized payment, lending, and saving solutions to millions of U.S. consumers. Our payment solutions, including Bread Financial general purpose credit cards and savings products, empower our customers and their passions for a better life. Additionally, we deliver growth for some of the most recognized brands in travel and entertainment, health and beauty, jewelry and specialty apparel through our private label and co-brand credit cards and pay-over-time products providing choice and value to our shared customers.

We have continued to diversify our product mix with our brand partners through growth of our co-brand credit card programs, which, relative to our private label credit card programs, have higher credit sales per account and an improved credit risk mix that generally results in higher transactor balances, lower delinquencies and late fees, as well as lower losses. We also offer our proprietary credit cards along with the expansion of our Bread Pay products, which are our installment loans and “split-pay” offerings.

Our partner base consists of large consumer-based businesses, including well-known brands such as (alphabetically) AAA, Academy Sports + Outdoors, Caesars, Dell Technologies, Hard Rock International, the NFL, Raymour & Flanigan, Saks Fifth Avenue, Signet, Ulta and Victoria’s Secret, as well as small- and medium-sized businesses (SMBs). Our partner base is well diversified across a broad range of industries and retail verticals, including travel and entertainment, specialty apparel, health and beauty, jewelry, sporting goods, technology and electronics, as well as home and furniture. We believe our comprehensive suite of payment, lending and saving solutions, along with our related marketing and data and analytics, offers us a significant competitive advantage with products relevant across all customer segments (Gen Z, Millennial, Gen X and Baby Boomers). The breadth and quality of our product and service offerings, coupled with our customer-centric approach, have enabled us to establish and maintain long-standing partner relationships. We operate our business through a single reportable segment, with our primary source of revenue being from Interest and fees on loans from our various credit card and other loan products, and to a lesser extent from contractual relationships with our brand partners.

Throughout this report, unless stated or the context implies otherwise, the terms “Bread Financial,” “BFH,” the “Company,” “we,” “our” or “us” refer to Bread Financial Holdings, Inc. and its subsidiaries on a consolidated basis. References to “Parent Company” refer to Bread Financial Holdings, Inc. on a parent-only standalone basis. In addition, in this report we may refer to the retailers and other companies with whom we do business as our “partners,” “brand partners,” or “clients,” provided that the use of the term “partner,” “partnering” or any similar term does not mean or imply a formal legal partnership, and is not meant in any way to alter the terms of Bread Financial’s relationship with any third parties. We offer our credit products through our insured depository institution subsidiaries, Comenity Bank and Comenity Capital Bank, which together are referred to herein as the “Banks.”

NON-GAAP FINANCIAL MEASURES

We prepare our audited Consolidated Financial Statements in accordance with accounting principles generally accepted in the United States of America (GAAP). However, certain information included herein constitutes Non-GAAP Financial Measures. Our calculations of Non-GAAP Financial Measures may differ from the calculations of similarly titled measures by other companies. In particular:

• We have previously repurchased and may, from time to time, in the future continue to repurchase debt, including any outstanding senior unsecured notes, subordinated notes or convertible notes. In such transactions, we may pay a premium to induce these repurchases, or in certain cases repurchase at a discount, which, from a GAAP perspective, would result in an impact to Total non-interest expenses, with a corresponding impact also reflected

Tabl e of Contents

in Net income and consequently our Earnings per diluted share. For our prior debt repurchases, we show adjustments to these three financial statement line items, for total Company as well as for continuing operations, to exclude the impacts from our debt repurchases. We use Adjusted total non-interest expenses , Adjusted net income , and Adjusted earnings per diluted share to evaluate the ongoing operations of the Company excluding the volatility that can occur from the impacts of our debt repurchases.

• Pretax pre-provision earnings (PPNR) represents Income from continuing operations before income taxes and the Provision for credit losses. PPNR excluding any gain on portfolio sale and impacts from debt repurchases then excludes from PPNR the gain on any portfolio sale in the period, as well as the loss or gain on any debt repurchases in the period. We use PPNR and PPNR excluding any gain on portfolio sale and impacts from debt repurchases as metrics to evaluate our results of operations before income taxes, excluding the movements that can occur within Provision for credit losses and the one-time nature of a gain on the sale of a portfolio and/or the impacts from debt repurchases.

• Return on average tangible common equity (ROTCE) represents annualized Income from continuing operations less Dividends to preferred stockholders, divided by average Tangible common equity. Tangible common equity (TCE) represents Total stockholders’ equity reduced by Preferred stock and Goodwill and intangible assets, net. We use ROTCE as a metric to evaluate the Company’s performance.

• Tangible book value per common share represents TCE divided by common shares outstanding. We use Tangible book value per common share , a metric used across the industry, to assess capital and performance, in conjunction with ROTCE.

We believe the use of these Non-GAAP financial measures provide additional clarity in understanding our results of operations and trends. For a reconciliation of these Non-GAAP financial measures to the most directly comparable GAAP measures, please see Table 6: Reconciliation of GAAP to Non-GAAP Financial Measures that follows.

BUSINESS ENVIRONMENT

This Business Environment section provides an overview of our results of operations and financial position for the year ended December 31, 2025, as well as our related outlook for 2026 and certain of the uncertainties associated with achieving that outlook. This section should be read in conjunction with the other information appearing in this Annual Report on Form 10-K, including “Consolidated Results of Operations,” “Risk Factors,” and “Cautionary Note Regarding Forward-Looking Statements,” which provide further discussion of variances in our results of operations over the periods of comparison, along with other factors that could impact future results and the Company achieving its outlook.

Credit sales of $27.8 billion were up 3% when compared with 2024, reflecting new partner growth and higher general purpose cardholder spending. Average credit card and other loans of $17.9 billion decreased 1% while End-of-period credit card and other loans of $18.8 billion were flat; both being affected by an increasing payment rate and our disciplined credit management. Total interest income decreased 2% primarily as a result of lower billed late fees and a lower Average credit card and other loans balance, partially offset by lower reversals of finance charges and late fees, resulting from lower gross credit losses, and the ongoing implementation of pricing actions. Our lower delinquency volumes and the gradual shift in product mix to a lower proportion of private label accounts, which tend to have higher billed late fees, have resulted in lower overall billed late fees. Net interest margin was 18.4% in 2025 compared with 18.3% in 2024, primarily due to decreased funding costs which is reflective of our opportunistic debt actions and growth in our DTC deposits. Our net interest margin continues to be negatively impacted by lower billed late fees from lower delinquencies, as well as an elevated cash position and our gradual shift in product mix toward co-brand cards, offset by lower funding costs and the ongoing implementation of pricing actions. Non-interest income increased $13 million, due to the implementation of pricing actions, primarily paper statement fees, partially offset by an increase in costs associated with brand partner retailer share arrangements, along with a decrease in merchant discount fees from lower “big ticket” credit sales. Overall, Total net interest and non-interest income of $3.8 billion was flat versus 2024.

Provision for credit losses decreased relative to 2024 driven by a $135 million reserve release and net principal losses of $1.4 billion, compared with a $92 million reserve release and net principal losses of $1.5 billion in the prior year.

Our Allowance for credit losses decreased as of December 31, 2025 relative to December 31, 2024, due primarily to lower Credit card and other loans, as well as a decrease in the reserve rate over the period. Our reserve rate was 11.2% as of December 31, 2025 compared with 11.9% as of December 31, 2024, reflecting our improving credit metrics and higher-quality new account acquisitions. We continue to maintain appropriately prudent weightings on the economic scenarios in our credit reserve modeling to ensure the adequacy of our Allowance for credit losses given the wide range of potential macroeconomic outcomes, including ongoing uncertainty around inflation and unemployment. From an overall credit

Tabl e of Contents

quality perspective, our percentage of cardholders with Vantage scores greater than 660 remains above pre-pandemic levels due to prudent credit management and a more diversified product mix, with co-brand and proprietary cards representing a larger proportion of our portfolio.

Total non-interest expenses decreased 3% when compared with 2024, primarily as a result of the impacts from our debt repurchases of $74 million and $117 million for the years ended December 31, 2025 and 2024, respectively, as well as a decrease in Employee compensation and benefits due to prior year strategic adjustments in customer care staffing, partially offset by higher incentive compensation costs in the current year, along with a decrease in depreciation and amortization related to lower amortization from both capitalized software and premiums on historical credit card loan portfolios.

The efforts to strengthen and optimize our balance sheet continued in 2025. Throughout 2025 we engaged in a number of financing-related transactions, including the issuances of senior and subordinated notes, the completion of tender offers to repurchase certain outstanding senior and subordinated notes, the redemption of certain senior notes and the completion of the repurchases of 100% of our outstanding convertible senior notes. During the year we announced a total of $550 million in board-authorized common stock repurchase programs, repurchasing 5.7 million shares of common stock for a total of $310 million, and we issued 75,000 shares of preferred stock for gross proceeds of $75 million. Our Common equity tier 1 capital ratio (CET1) increased to 13.0%, from 12.4% as of December 31, 2024, driven by net earnings throughout the year, partially offset by the effects from both our repurchased shares and debt securities. Additionally, DTC deposits increased to $8.5 billion as of December 31, 2025, with average DTC deposits now representing 48% of our total funding sources, which is comprised of retail and wholesale deposits, and secured and unsecured borrowings, up from 43% a year ago.

Our 2026 financial outlook is based on continued consumer resilience, inflation remaining above the FRB’s target rate of 2%, and a generally stable labor market. Our outlook also anticipates interest rate decreases by the FRB, which we would expect to result in slight Net interest margin compression.

Based on our current economic outlook and visibility into our new business pipeline and partner growth, as well as both expected continued improvement in our Net principal loss rate and our ongoing expectations for strong cardholder payment rates, we expect growth in 2026 Average credit card and other loans to be up low-single digits on a percentage point basis from full year 2025. Growth in Total net interest and non-interest income is also anticipated to be up in the low-single digits on a percentage point basis from 2025, in line with growth in Average credit card and other loans. Our outlook for full year Net interest margin has a wide range of potential outcomes given it is impacted by many variables; however, our baseline expectation is that it will be flat to modestly higher than 2025 as a result of continued benefits from implemented pricing actions and an improving cost of funds, partially offset by interest rate decreases by the FRB, lower billed late fees from improving delinquency trends and continued shifts in risk and product mix.

We manage expense growth based on revenue generation and investment opportunities, and expect to deliver positive operating leverage in 2026, excluding the pretax impacts from our debt repurchases, a Non-GAAP financial measure. We continue to invest in AI capabilities, technology modernization, marketing, and product innovation to drive growth and efficiencies. However, the degree of positive operating leverage will be dependent upon macroeconomic factors, and related to improvement in the credit environment, growth in Average credit card and other loans, and the pace and timing of further interest rate decreases by the FRB.

Our 2026 financial outlook also assumes a Net principal loss rate ranging from 7.2% to 7.4% given a resilient consumer, our disciplined credit management, and continued shifts in risk and product mix.

In our 2026 financial outlook we also expect our full year normalized effective tax rate to be in the range of 25% to 27%, with quarter-over-quarter variability due to the timing of certain discrete items.

Our 2025 results reflect our prudent capital allocation, a disciplined credit management framework, and our focus on responsible growth. Supported by strong capital levels and cash flow generation, we are well positioned to execute on our capital and growth priorities while delivering sustainable, long-term value for our stockholders.

Note: We are unable to provide a quantitative reconciliation of the forward-looking 2026 financial outlook for the Non-GAAP financial measure above, to its most directly comparable forward-looking GAAP measure, as we cannot reliably predict all of the necessary components of such a forward-looking GAAP measure without unreasonable effort.

Tabl e of Contents

CONSOLIDATED RESULTS OF OPERATIONS

The following discussion provides commentary on the variances in our results of operations for the year ended December 31, 2025, compared with the year ended December 31, 2024, as presented in the accompanying tables. This discussion should be read in conjunction with the discussion under “Business Environment,” above. For a discussion of the financial condition and results of operations for 2024 compared with 2023, please refer to Part II, Item 7. “Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A)” in our Annual Report on Form 10-K for the year ended December 31, 2024, filed with the SEC on February 14, 2025, which discussion is incorporated herein by reference from such prior report on Form 10-K.

Table 1: Summary of Our Financial Performance

Years Ended December 31,

$ Change

% Change

(Millions, except per share amounts and percentages)

Total net interest and non-interest income

Provision for credit losses

Total non-interest expenses

Income from continuing operations before income taxes

Provision for income taxes

Income from continuing operations

Loss from discontinued operations, net of income taxes (1)

Net income available to common stockholders

Adjusted net income * (2)

Net income per diluted share

Adjusted net income per diluted share * (2)

Income from continuing operations per diluted share

Adjusted income from continuing operations per diluted share * (2)

Net interest margin (3)

Return on average tangible common equity * (4)

Effective income tax rate — continuing operations

* Represents a Non-GAAP financial measure. See “Non-GAAP Financial Measures” and Table 6: Reconciliation of GAAP to Non-GAAP Financial Measures .

(1) Includes amounts that related to the previously disclosed discontinued operations associated with the spinoff of our former LoyaltyOne segment in 2021 and the sale of our former Epsilon segment in 2019. For additional information refer to Note 1, “Description of Business, Basis of Presentation and Significant Accounting Policies” to the audited Consolidated Financial Statements.

(2) Adjusts Net income, Net income per diluted share, and Income from continuing operations per diluted share for the impacts from our debt repurchases.

(3) Net interest margin represents annualized Net interest income divided by average Total interest-earning assets. See also Table 5: Net Interest Margin.

(4) Return on average tangible common equity (ROTCE) represents annualized Income from continuing operations, less Dividends to preferred stockholders, divided by average Tangible common equity. Tangible common equity (TCE) represents Total stockholders ’ equity reduced by Preferred stock and Goodwill and intangible assets, net.

Tabl e of Contents

Table 2: Summary of Total Net Interest and Non-interest Income, After Provision for Credit Losses

Years Ended December 31,

$ Change

% Change

(Millions, except percentages)

Interest income

Interest and fees on loans

Interest on cash and investment securities

Total interest income

Interest expense

Interest on deposits

Interest on borrowings

Total interest expense

Net interest income

Non-interest income

Interchange revenue, net of retailer share arrangements

Gain on portfolio sale

Other

Total non-interest income

Total net interest and non-interest income

Provision for credit losses

Total net interest and non-interest income, after provision for credit losses

(nm) Not meaningful, denoting a variance of 1,000 percent or more.

Total Net Interest and Non-interest Income, After Provision for Credit Losses

Interest income: Total interest income decreased for the year ended December 31, 2025, due to the following:

• Interest and fees on loans decreased due primarily to lower billed late fees and lower Average credit card and other loans balances, partially offset by lower reversals of finance charges and late fees, resulting from lower gross credit losses, and the ongoing implementation of pricing actions; collectively decreasing the yield on finance charges and late fees by approximately 10 basis points. Our lower delinquency volumes and the gradual shift in product mix to a lower proportion of private label accounts, which tend to have higher billed late fees, have resulted in lower overall billed late fees.

• Interest on cash and investment securities decreased due to lower average interest rates which decreased interest income by $37 million, partially offset by higher average balances, which increased interest income by $6 million.

Interest expense : Total interest expense decreased for the year ended December 31, 2025, due to the following:

• Interest on deposits decreased primarily due to lower average interest rates which decreased interest expense by $65 million, partially offset by higher average DTC deposit balances which increased funding costs by $11 million.

• Interest on borrowings decreased due to lower average borrowings which decreased funding costs by $30 million, and lower average interest rates which decreased funding costs by $22 million.

Tabl e of Contents

Non-interest income: Total non-interest income increased for the year ended December 31, 2025, due to the following:

• Interchange revenue, net of retailer share arrangements, typically a contra-revenue item for us, increased due to an increase in costs associated with brand partner retailer share arrangements, along with a decrease in merchant discount fees from lower “big ticket” credit sales.

• Other increased due to our implemented pricing actions, primarily paper statement fees, which we began assessing in the second quarter of 2024.

Provision for credit losses decreased for the year ended December 31, 2025, driven by a $135 million reserve release and net principal losses of $1.4 billion, compared with a $92 million reserve release and net principal losses of $1.5 billion in the prior year. Our reserve rate was 11.2% as of December 31, 2025, reflecting our improving credit metrics and higher-quality new account acquisitions. We continue to maintain appropriately prudent weightings on the economic scenarios in our credit reserve modeling to ensure the adequacy of our Allowance for credit losses given the wide range of potential macroeconomic outcomes, including ongoing uncertainty around inflation and unemployment.

Table 3: Summary of Total Non-interest Expenses

Years Ended December 31,

$ Change

% Change

(Millions, except percentages)

Non-interest expenses

Employee compensation and benefits

Card and processing expenses

Information processing and communication

Marketing expenses

Depreciation and amortization

Other

Total non-interest expenses

Adjusted total non-interest expenses (1)

(1) Adjusts Total non-interest expenses for the impacts from our debt repurchases, representing $74 million and $117 million and $1 million for the years ended December 31, 2025, 2024 and 2023, respectively, and therefore represent Non-GAAP financial measures. See “Non-GAAP Financial Measures” and Table 6: Reconciliation of GAAP to Non-GAAP Financial Measures .

Total Non-interest Expenses

Non-interest expenses: Total non-interest expenses decreased for the year ended December 31, 2025. Adjusted total non-interest expenses, which represents a Non-GAAP financial measure and has been adjusted for the impacts from our debt repurchases, also decreased over the periods of comparison.

• Employee compensation and benefits decreased due primarily to strategic adjustments in customer care staffing in the prior year, partially offset by higher incentive compensation in the current year.

• Depreciation and amortization decreased due to lower amortization related to both capitalized software and premiums on historical credit card loan portfolio acquisitions.

• Other decreased due primarily to higher year-over-year net impact from our debt repurchases.

Income Taxes

The Provision for income taxes decreased for the year ended December 31, 2025. The effective tax rate was 15.2% and 26.7% for the years ended December 31, 2025 and 2024, respectively. Both the decreases in the Provision for

income taxes and in the effective tax rates over the periods of comparison were primarily driven by a discrete tax benefit in the current year and larger non-deductible items in the prior year, partially offset by a $234 million increase in Income from continuing operations before income taxes in 2025.

Tabl e of Contents

On July 4, 2025, President Trump signed into law “The One Big Beautiful Bill Act” (the Bill). The Bill reinstates several provisions of the 2017 Tax Cuts and Jobs Act for businesses. The Bill did not have a significant impact on our financial position, results of operations or cash flows, nor do we expect it to have a significant impact in future periods. We also do not anticipate any significant changes to operational processes, controls or governance as a result of the Bill, either currently or in future periods.

Discontinued Operations

The Loss from discontinued operations, net of income taxes includes amounts that relate to the previously disclosed discontinued operations associated with the spinoff of our former LoyaltyOne segment in 2021 and the sale of our former Epsilon segment in 2019, and primarily relates to contractual indemnification and tax-related matters. For additional information refer to Note 22, “Discontinued Operations and Bank Holding Company Financial Presentation” to the audited Consolidated Financial Statements included in our Annual Report on Form 10-K for the year ended December 31, 2021.

Table 4: Summary Financial Highlights – Continuing Operations

As of or for the Years Ended December 31,

% Change

(Millions, except per share amounts and percentages)

Credit sales

PPNR * (1)

PPNR excluding gain on portfolio sale and impacts from debt repurchases * (1)

Average credit card and other loans

End-of-period credit card and other loans

End-of-period direct-to-consumer (retail) deposits

Return on average assets (2)

Return on average equity (3)

Return on average tangible common equity * (4)

Net interest margin (5)

Loan yield (6)

Efficiency ratio (7)

Adjusted efficiency ratio (7)

Common equity tier 1 capital ratio (8)

Tangible book value per common share * (9)

Cash dividend per common share

Payment rate (10)

Delinquency rate (11)

Net principal loss rate (12)

Reserve rate (13)

Note: Beginning in 2024, we revised the calculation of average balances to more closely align with industry practice by incorporating an average daily balance. Prior to 2024, average balances represent the average balance at the beginning and end of each month, averaged over the periods indicated.

* Represents a Non-GAAP financial measure. See “Non-GAAP Financial Measures” and Table 6: Reconciliation of GAAP to Non-GAAP Financial Measures .

(1) PPNR represents Income from continuing operations before income taxes and the Provision for credit losses. PPNR excluding gain on portfolio sale and impacts from debt repurchases excludes from PPNR any gain on portfolio sale in the period, as well as the impacts from our debt repurchases in the period.

(2) Return on average assets represents annualized Income from continuing operations divided by average Total assets.

Tabl e of Contents

(3) Return on average equity represents annualized Income from continuing operations divided by average Total stockholders’ equity.

(4) Return on average tangible common equity (ROTCE) represents annualized Income from continuing operations, less Dividends to preferred stockholders, divided by average Tangible common equity. Tangible common equity (TCE) represents Total stockholders ’ equity reduced by Preferred stock and Goodwill and intangible assets, net.

(5) Net interest margin represents annualized Net interest income divided by average Total interest-earning assets. See also Table 5: Net Interest Margin .

(6) Loan yield represents annualized Interest and fees on loans divided by Average credit card and other loans.

(7) Efficiency ratio represents Total non-interest expenses divided by Total net interest and non-interest income. Adjusted efficiency ratio excludes any gain on portfolio sale and impacts from debt repurchases.

(8) Common equity tier 1 capital ratio represents tier 1 capital reduced by Preferred stock divided by total risk-weighted assets. In the calculation of tier 1 capital, we follow the Basel III Standardized Approach and therefore Total stockholders ’ equity has been reduced by Goodwill and intangible assets, net. For additional information, see “Legislative, Regulatory Matters and Capital Adequacy” included elsewhere in this report.

(9) Tangible book value per common share represents TCE divided by common shares outstanding.

(10) Payment rate represents consumer payments during the period, divided by the aggregate of the opening monthly Credit card and other loans balances during the period, including held for sale in applicable periods.

(11) Delinquency rate represents outstanding balances that are contractually delinquent (i.e., principal balances greater than 30 days past due) as of the end of the period, divided by the outstanding principal amount of Credit card and other loans as of the same period-end.

(12) Net principal loss rate, an annualized rate, represents net principal losses for the period divided by Average credit card and other loans for the same period, using an average daily balance calculation methodology. Net principal loss rate for the year ended December 31, 2023 was impacted by the transition of our credit card processing services in June 2022.

(13) Reserve rate represents the Allowance for credit losses divided by End-of-period credit card and other loans.

Tabl e of Contents

Table 5: Net Interest Margin

Year Ended December 31, 2025

Average Balance

Interest Income / Expense

Average Yield / Rate

(Millions, except percentages)

Cash and investment securities

Credit card and other loans

Total interest-earning assets

Direct-to-consumer (retail) deposits

Wholesale deposits

Interest-bearing deposits

Secured borrowings

Unsecured borrowings

Interest-bearing borrowings

Total interest-bearing liabilities

Net interest income

Net interest margin (1)

Year Ended December 31, 2024

Average Balance

Interest Income / Expense

Average Yield / Rate

(Millions, except percentages)

Cash and investment securities

Credit card and other loans

Total interest-earning assets

Direct-to-consumer (retail) deposits

Wholesale deposits

Interest-bearing deposits

Secured borrowings

Unsecured borrowings

Interest-bearing borrowings

Total interest-bearing liabilities

Net interest income

Net interest margin (1)

(1) Net interest margin represents annualized Net interest income divided by average Total interest-earning assets.

Tabl e of Contents

Table 6: Reconciliation of GAAP to Non-GAAP Financial Measures

Years Ended December 31,

% Change

(Millions, except per share amounts and percentages)

Adjusted net income available to common stockholders

Net income available to common stockholders

Impacts from debt repurchases

Adjusted net income available to common stockholders

Adjusted net income available to common stockholders per diluted share

Net income available to common stockholders per diluted share

Impacts from debt repurchases

Adjusted net income available to common stockholders per diluted share

Adjusted income from continuing operations per diluted share

Income from continuing operations per diluted share

Impacts from debt repurchases

Adjusted income from continuing operations per diluted share

Adjusted total non-interest expenses

Total non-interest expenses

Impacts from debt repurchases

Adjusted total non-interest expenses

Pretax pre-provision earnings (PPNR)

Income from continuing operations before income taxes

Provision for credit losses

Pretax pre-provision earnings (PPNR)

Less: Gain on portfolio sale

Add: Impacts from debt repurchases

PPNR excluding gain on portfolio sale and impacts from debt repurchases

Average tangible common equity

Average total stockholders’ equity

Less: Average preferred stock

Less: Average goodwill and intangible assets, net

Average tangible common equity

Tangible common equity (TCE)

Total stockholders’ equity

Less: Preferred stock

Less: Goodwill and intangible assets, net

Tangible common equity (TCE)

(nm) Not meaningful, denoting a variance of 1,000 percent or more.

Tabl e of Contents

ASSET QUALITY

Given the nature of our business, the credit quality of our assets, in particular our Credit card and other loans, is a key determinant underlying our ongoing financial performance and overall financial condition. When it comes to our Credit card and other loans portfolio, we closely monitor Delinquency rates and Net principal loss rates, which reflect, among other factors, our underwriting, the inherent credit risk in our portfolio and the success of our collection and recovery efforts. These rates also reflect, more broadly, the general macroeconomic conditions, including the compounding effect of persistent inflation relative to wage growth, and higher interest rates. Our Delinquency and Net principal loss rates are also impacted by the size of our Credit card and other loans portfolio, which serves as the denominator in the calculation of these rates. Accordingly, changes in the size of our portfolio (whether due to credit tightening, acquisitions or dispositions of portfolios, or otherwise) may cause movements in our Delinquency and Net principal loss rates that are not necessarily indicative of the underlying credit quality of the overall portfolio.

Delinquencies: An account is contractually delinquent if we do not receive the minimum payment due by the specified due date. Our policy is to continue to accrue interest and fee income on all accounts, except in limited circumstances, until the balance and all related interest and fees are paid or charged-off. After an account becomes 30 days past due, a proprietary collection scoring algorithm automatically scores the risk of the account becoming further delinquent; based upon the level of risk indicated, a collection strategy is deployed, which may include tech-enabled, targeted collections strategies to engage with cardholders in the most efficient communication channel. If after exhausting all in-house collection efforts we are unable to collect on the account, we may engage collection agencies or outside attorneys to continue those efforts, or sell the charged-off balances.

The Delinquency rate is calculated by dividing outstanding principal balances that are contractually delinquent (i.e., principal balances greater than 30 days past due) as of the end of the period, by the outstanding principal amount of Credit card and other loans as of the same period-end.

The following table provides the delinquency trends on our Credit card and other loans portfolio based on the principal balances outstanding as of December 31:

Table 7: Delinquency Trends on Credit Card and Other Loans

Total

Total

(Millions, except percentages)

Credit card and other loans outstanding ─ principal

Outstanding balances contractually delinquent:

31 to 60 days

61 to 90 days

91 or more days

Total

As part of our collections strategy, we may offer temporary and short term programs in order to improve the likelihood of collections and meet the needs of our customers. For example, as a result of hurricanes Helene and Milton in September and October of 2024, respectively, we froze delinquency progression for cardholders in FEMA identified impact zones for one billing cycle. Our modifications, for customers who have requested assistance and meet certain qualifying requirements, come in the form of reduced payment requirements, interest rate reductions and late fee waivers. We do not offer programs involving the forgiveness of principal. These temporary loan modifications may assist in cases where we believe the customer will recover from the short-term hardship and resume scheduled payments. Under these consumer relief programs, those accounts receiving relief may not advance to the next delinquency cycle, including charge-off, in the same time frame that would have occurred had the relief not been granted. We evaluate our consumer relief programs to determine if they represent a more than insignificant delay in payment granted to borrowers experiencing financial difficulty, in which case they would then be considered a Loan Modification. For additional information, see Note 2 “Credit Card and Other Loans – Modified Credit Card Loans” to our audited Consolidated Financial Statements.

Net Principal Losses: Our net principal losses include the principal amount of Credit card and other loans that are deemed uncollectible, less recoveries, and exclude charged-off interest, fees and third-party fraud losses (including synthetic fraud).

Tabl e of Contents

Charged-off interest and fees reduce Interest and fees on loans, while third-party fraud losses are recorded in Card and processing expenses. Our credit card loans, including unpaid interest and fees, are generally charged-off in the month during which an account becomes 180 days past due. Our pay-over-time products, which include installment loans and “split-pay” offerings, including unpaid interest, are generally charged-off when a loan becomes 120 days past due. However, in the case of a customer bankruptcy or death, Credit card and other loans, including unpaid interest and fees, as applicable, are charged-off 60 days after receipt of the notification of the bankruptcy or death, but in any case no later than 180 days past due for credit card loans and 120 days past due for installment loans and “split-pay” offerings.

The Net principal loss rate is calculated by dividing net principal losses for the period by the Average credit card and other loans for the same period. Beginning in January 2024, we revised the calculation of Average credit card and other loans to more closely align with industry practice by incorporating an average daily balance. Prior to 2024, Average credit card and other loans represent the average balance of the loans at the beginning and end of each month, averaged over the periods indicated. The following table provides our net principal losses for the periods presented:

Table 8: Net Principal Losses on Credit Card and Other Loans

(Millions, except percentages)

Average credit card and other loans

Net principal losses (1)(2)

Net principal losses as a percentage of average credit card and other loans (1)(2)

(1) As a result of hurricanes Helene and Milton we froze delinquency progression for cardholders in FEMA identified impact zones for one billing cycle, which resulted in modestly lower Net principal losses and Net principal losses as a percentage of average credit card and other loans in the fourth quarter of 2024, and consequently these actions negatively impacted Net principal losses and Net principal losses as a percentage of average credit card and other loans in the second quarter of 2025.

(2) Net principal losses and Net principal losses as a percentage of average credit card and other loans for December 31, 2023 were impacted by the transition of our credit card processing services in June 2022.

CONSOLIDATED LIQUIDITY AND CAPITAL RESOURCES

Overview

We maintain a strong focus on liquidity and capital. Our funding, liquidity and capital policies are designed to ensure that our business has sufficient liquidity and capital resources necessary to support our daily operations, our business growth, and our credit ratings related to our Parent Company’s senior unsecured notes, subordinated notes, preferred stock and our public secured financings, and meet our regulatory and policy requirements, including capital and leverage ratio requirements applicable to Comenity Bank (CB) and Comenity Capital Bank (CCB) under FDIC regulations, in a cost effective and prudent manner through both expected and unexpected market environments.

Our primary sources of liquidity include cash generated from operating activities, our bank credit facility, issuances of senior unsecured, subordinated or convertible debt securities and preferred stock by our Parent Company, financings through our securitization programs, and deposits with the Banks. More broadly, we continuously evaluate opportunities to renew and expand our various sources of liquidity. We aim to satisfy our financing needs with a diverse set of funding sources, and we seek to maintain diversity of funding sources by type of instrument, by tenor and by investor base, among other factors, which we believe will mitigate the impact of disruptions in any one type of instrument, tenor or investor.

Our primary uses of liquidity are for underwriting Credit card and other loans, scheduled payments of principal and interest on our debt, operational expenses, capital expenditures, including digital and product innovation and technology enhancements, repurchases of equity and debt securities, and payments of dividends.

We have in the past, and may from time to time in the future, retire or repurchase our outstanding debt, including our senior unsecured notes or subordinated notes, through redemptions, cash purchases or exchanges for other securities, in open market purchases, tender offers, privately negotiated transactions or otherwise. Such repurchases or exchanges would depend on prevailing market conditions, our liquidity requirements, contractual restrictions and other factors, and may be funded through cash on hand, borrowings under our revolving credit facility, the issuance of new debt securities or other sources of liquidity. The amounts involved may be material.

Tabl e of Contents

We will also need additional financing in the future to repay or refinance our existing debt at or prior to maturity, and to fund our growth, which may include the issuance of additional debt or equity securities or engaging in other capital markets or financing transactions. In 2025, as part of our financing strategy and capital structure optimization, we issued our inaugural series of subordinated notes and publicly-traded preferred stock, and in the future we may continue to seek to further optimize our capital structure. Given the maturities of certain of our outstanding debt instruments and depending on the prevailing macroeconomic conditions, it is possible that we may be required to repay, extend or refinance some or all of our future debt maturities in volatile and/or unfavorable markets.

Because of the alternatives available to us, as discussed above, we believe our short-term and long-term sources of liquidity are adequate to fund not only our current operations, but also our near-term and long-term funding requirements including dividend payments, debt service obligations and repayment of debt maturities and other amounts that may ultimately be paid in connection with contingencies. However, the adequacy of our liquidity could be impacted by various factors, including pending or future legislation, regulation or litigation, macroeconomic conditions and volatility in the financial and capital markets, limiting our access to or increasing our cost of capital, which could make capital unavailable, or available but on terms that are unfavorable to us. These factors could significantly reduce our financial flexibility and cause us to contract or not grow our business, which could have a material adverse effect on our results of operations and financial condition.

We have a robust liquidity risk management framework in place which includes ongoing monitoring of our liquidity and funding positions against our risk appetite metrics and key risk indicators. During times where there may be potential risks from adverse developments in the banking industry and/or increased financial sector volatility, we may invoke our contingency funding plans to enhance daily monitoring of our liquidity and funding positions, determine potential mitigating actions, if necessary, and provide enhanced reporting to our Boards of Directors, at both the Bread Financial and Bank-levels, and regulators.

We maintain a significant majority of our liquidity portfolio on deposit within the Federal Reserve banking system, and we also have a small investment securities portfolio, classified as available-for-sale, which we hold in relation to the Community Reinvestment Act. We do not have any investment securities classified as held-to-maturity.

Credit Ratings

We obtain credit ratings for our Parent Company from the major credit rating agencies, Moody’s Investor Services (Moody’s), Standard & Poor’s (S&P) and Fitch Ratings (Fitch), in order to facilitate debt financings and broaden the investor base for our Parent Company debt securities.

Our management approach is designed, among other things, to maintain appropriate and stable credit ratings from the credit rating agencies which help support our access to cost-effective unsecured funding as a component of our overall liquidity and capital resources.

In October 2025 all three credit rating agencies issued their updated credit ratings and related outlooks. The table below provides a summary of the credit ratings for the outstanding senior unsecured debt, subordinated debt and preferred stock of Bread Financial Holdings, Inc. as of December 31, 2025:

Bread Financial Holdings, Inc.

Moody’s

Fitch

Senior unsecured debt

Subordinated debt

Preferred stock

Outlook

Positive

Positive

Stable

We also seek to maintain appropriate and stable credit ratings for our credit card securitizations issued through World Financial Network Credit Card Master Note Trust (WFNMNT) from the rating agencies (DBRS, S&P and Fitch). The table

Tabl e of Contents

below provides a summary of the structured finance credit ratings for certain of the asset-backed securities, specifically the outstanding Class A notes of WFNMNT as of December 31, 2025:

WFNMNT

DBRS (1)

Fitch

Class A notes

AAA

AAA

AAA

(1) Does not include our Series 2024-B public asset-backed-notes.

Credit ratings are not a recommendation to buy or hold any securities and they may be revised or revoked at any time at the sole discretion of the rating agency. Downgrades in the ratings of our unsecured or secured debt could result in higher funding costs, as well as reductions in our borrowing capacity in the unsecured or secured debt markets. We believe our mix of funding, including the proportion of our DTC and wholesale deposits, to total funding, reduces the impact that a credit rating downgrade could have on our funding costs and capacity.

Funding Sources

As referenced above, our primary sources of liquidity include cash generated from operating activities, our bank credit facility, issuances of senior unsecured, subordinated or convertible debt securities and preferred stock by our Parent Company, financings through our securitization programs, and deposits with the Banks.

Throughout 2025 we engaged in a number of financing-related transactions, including the issuances of senior and subordinated notes, the completion of tender offers to repurchase certain outstanding senior and subordinated notes, the redemption of certain senior notes and the completion of the repurchases of 100% of our outstanding convertible senior notes, as well as the issuance of preferred stock. Each of these transactions, as well as other matters relating to our liquidity and capital resources during the year, are described in more detail below.

Certain of our long-term debt agreements include various restrictive financial and non-financial covenants. If we do not comply with certain of these covenants and an event of default occurs and remains uncured, the maturity of amounts outstanding may be accelerated and become payable, and, with respect to our credit agreement, the associated commitments may be terminated. As of December 31, 2025, we were in compliance with all such covenants.

Credit Agreement

In October 2024, we entered into our amended credit agreement with the Parent Company, as borrower, certain of our domestic subsidiaries, as guarantors, JPMorgan Chase Bank, N.A., as administrative agent and lender, and various other financial institutions, as lenders, which provides for a $700 million senior unsecured revolving credit facility (the Revolving Credit Facility), which matures in October 2028. As of December 31, 2025, our Revolving Credit Facility was undrawn and all $700 million remained available for future borrowings.

7.000% Senior Notes Due 2026 - Redemption

In January 2025, with cash on hand, we redeemed the remaining $100 million in aggregate principal amount of our 7.000% Senior Notes due 2026.

4.25% Convertible Senior Notes Due 2028 - Repurchases

In June 2023, we issued and sold $316 million aggregate principal amount of 4.25% Convertible Senior Notes due 2028 (the Convertible Notes). Before we repurchased 100% of our outstanding Convertible Notes, the Convertible Notes bore interest at an annual rate of 4.25%, payable semi-annually in arrears on June 15 and December 15 of each year. The Convertible Notes were scheduled to mature on June 15, 2028, unless earlier repurchased, redeemed or converted.

During 2025, through discrete, privately-negotiated repurchase transactions, we repurchased the remaining $10 million in aggregate principal amount of outstanding Convertible Notes. The aggregate purchase price, or settlement value, for the repurchases during 2025 was $16 million, which was funded with cash on hand. In connection with the repurchases, we recognized a $3 million inducement expense in Other non-interest expenses representing the total settlement value, inclusive of transaction fees, in excess of the total conversion value (calculated in accordance with the indenture governing the Convertible Notes), as well as a $4 million reduction in Additional paid-in capital (APIC) related to the total conversion

Tabl e of Contents

value paid in excess of the carrying value of the Convertible Notes repurchased and a deferred tax impact. As of December 31, 2025, all of the Convertible Notes had been extinguished and no Convertible Notes remained outstanding.

Prior to the repurchases of the Convertible Notes, the embedded conversion feature within the Convertible Notes was both considered indexed to the Company’s own equity and met the equity classification conditions; therefore, it did not require derivative accounting. Upon entering into the repurchase agreements that themselves required cash settlement of our conversion obligation in excess of the aggregate principal amount of the Convertible Notes, the embedded conversion feature no longer met the equity classification conditions; therefore, requiring bifurcation and derivative accounting.

In connection with the issuance of the Convertible Notes, we entered into privately negotiated capped call (Capped Call) transactions with certain financial institution counterparties. At that time, these transactions were expected generally to reduce potential dilution to our common stock upon any conversion of Convertible Notes and/or offset any cash payments we were required to make in excess of the principal amount of the Convertible Notes, with such reduction and/or offset subject to a cap, based on the cap price.

All of the Capped Call transactions continue to remain outstanding, notwithstanding that no Convertible Notes remain outstanding. Although we do not trade or speculate in derivatives, we may seek to opportunistically terminate the Capped Call transactions (in full or in part from time to time) or leave the Capped Call transactions outstanding, possibly until maturity, in any such case with the objective of optimizing the stockholder value we receive under these transactions. The value that we ultimately realize from the Capped Call transactions (either in the form of cash or shares of our common stock, at our election) is subject to a number of variables, most significantly our stock price at the time the Capped Call transactions are terminated, and is subject to other potential adjustments based on the amount of our quarterly dividend, the volume of our share repurchases and other factors.

For additional information on the June 2023 issuance of our Convertible Notes and the subsequent repurchases in 2024, as well as information on our Capped Call transactions, refer to Note 10, “Borrowings of Long-Term and Other Debt” to the audited Consolidated Financial Statements included in our Annual Report on Form 10-K for the year ended December 31, 2024.

9.750% Senior Notes Due 2029 - Tender Offers, Repurchase and Redemption

In June 2025 , we completed a cash tender offer (the Tender Offer) pursuant to which we repurchased $150 million aggregate principal amount of our 9.750% Senior Notes due 2029 (Senior Notes due 2029). The consideration paid in the Tender Offer for each $1,000 principal amount of the Senior Notes due 2029 was $1,071, plus accrued and unpaid interest. In connection with the repurchase, we recognized a $13 million loss on extinguishment in Other non-interest expenses representing the total settlement value, inclusive of transaction fees, in excess of the carrying value of the Senior Notes due 2029.

In August 2025, we completed another cash tender offer (the Third Quarter Tender Offer) pursuant to which we repurchased $31 million in aggregate principal amount of our Senior Notes due 2029, as well as $0.1 million aggregate principal amount of 8.375% Subordinated Notes due 2035. The consideration paid in the Third Quarter Tender Offer for each $1,000 principal amount of the Senior Notes due 2029 was $1,070, plus accrued and unpaid interest. In connection with the repurchase, we recognized a $3 million loss on extinguishment in Other non-interest expenses representing the total settlement value, inclusive of transaction fees, in excess of the carrying value of the Senior Notes due 2029. See further discussion of our 8.375% Subordinated Notes due 2035, below.

In November 2025, we redeemed the remaining $719 million in aggregate principal amount of our Senior Notes due 2029 with the net proceeds from the issuance of the 6.750% Senior Notes due 2031 (as discussed below), together with cash on hand. The consideration paid in the redemption for each $1,000 principal amount of the Senior Notes due 2029 was $1,068, plus accrued and unpaid interest. In connection with the redemption, we recognized a $55 million loss on extinguishment in Other non-interest expenses representing the total settlement value, inclusive of transaction fees, in excess of the carrying value of the Senior Notes due 2029. There were no Senior Notes due 2029 outstanding as of December 31, 2025. For additional information on the issuance of our Senior Notes due 2029, refer to Note 10, “Borrowings of Long-Term and Other Debt” to the audited Consolidated Financial Statements included in our Annual Report on Form 10-K for the year ended December 31, 2024.

Tabl e of Contents

6.750% Senior Notes Due 2031 - Issuance

In November 2025, we issued $500 million aggregate principal amount of 6.750% Senior Notes due 2031 (Senior Notes due 2031). The Senior Notes due 2031 accrue interest on the outstanding principal amount at a rate of 6.750% per annum from November 6, 2025, payable semi-annually in arrears, on May 15 and November 15 of each year, beginning on May 15, 2026. The Senior Notes due 2031 will mature on May 15, 2031, unless subject to earlier repurchase or redemption. We used the net proceeds from the offering of the Senior Notes due 2031, together with cash on hand, to fund the redemption in full of our outstanding Senior Notes due 2029.

8.375% Subordinated Notes Due 2035 - Issuance, Tender Offer and Repurchase

In March 2025, we issued and sold $400 million in aggregate principal amount of 8.375% Fixed-Rate Reset Subordinated Notes due 2035 (the Subordinated Notes). The Subordinated Notes accrue interest on the outstanding principal amount (i) at a rate per annum equal to 8.375% from, and including, March 10, 2025, to, but excluding, June 15, 2030 (the Reset Date), and (ii) from, and including, the Reset Date to, but excluding, the maturity date at a rate per annum equal to the Five-Year U.S. Treasury Rate as of the date that is two business days prior to the Reset Date, plus 430 basis points. Interest on the Subordinated Notes is payable semiannually in arrears on June 15 and December 15 of each year. The Subordinated Notes will mature on June 15, 2035, unless subject to earlier repurchase or redemption. As noted above, as part of the Third Quarter Tender Offer, we repurchased $0.1 million aggregate principal amount of Subordinated Notes.

We used $250 million of the net proceeds from the Subordinated Notes offering to enter into a subordinated promissory note between Parent Company, as lender, and CCB, as borrower, on terms substantially the same as those of the Subordinated Notes. The subordinated promissory note is eliminated in consolidation.

Deposits

The Banks use a variety of deposit products to finance their operating activities, including funding for non-securitized credit card and other loans, and to fund their securitization enhancement requirements. The Banks offer DTC retail deposit products, including Individual Retirement Accounts, as well as deposits sourced through contractual arrangements with various financial counterparties (often referred to as wholesale deposits, and includes brokered deposits) and various non-maturity deposit products that are generally redeemable on demand by the customer, and as such have no scheduled maturity date. The Banks also issue certificates of deposit with scheduled maturity dates ranging between January 2026 and December 2030, in denominations of at least $1,000, on which interest is paid either monthly or at maturity.

Tabl e of Contents

The following table summarizes these retail and wholesale deposit products by type and associated attributes as of December 31:

Table 9: Interest-bearing Deposits

(Millions, except percentages)

Deposits

Direct-to-consumer (retail)

Wholesale

Total interest-bearing deposits

Non-maturity deposit products

Non-maturity deposits

Interest rate range

Weighted-average interest rate

Certificates of deposit

Certificates of deposit

Interest rate range

Weighted-average interest rate

As of December 31, 2025 and 2024, retail deposits that exceeded applicable FDIC insurance limits, which are generally $250,000 per depositor, per insured bank, per ownership category, were estimated to be $638 million (5% of Total deposits) and $531 million (4% of Total deposits), respectively. The measurement of estimated uninsured deposits aligns with regulatory guidelines.

Securitization Programs Including Conduit Facilities

We sell the majority of the credit card loans originated by the Banks to certain of our master trusts (the Trusts). These securitization programs are a principal vehicle through which we finance the Banks’ credit card loans. For this purpose, we use a combination of public term asset-backed notes and private conduit facilities (the Conduit Facilities) with a consortium of lenders, including domestic money center, regional and international banks. Both our public term asset-backed notes and borrowings under the Conduit Facilities are included in Debt issued by consolidated variable interest entities (VIEs) in the Consolidated Balance Sheets.

Tabl e of Contents

The table below summarizes our conduit capacities, borrowings and maturities for the periods presented:

Table 10: Conduit Borrowing Capacity Rollforward and Maturities

(Millions)

December 31, 2024

Commitment

December 31, 2025

Conduit Facilities

Capacity

Drawn (6)

Change

Capacity

Drawn

Maturity Date (7)

Comenity Bank

WFNMNT 2009-VFN (1)

October 2026

WFNMT 2009-VFC1 (2)

Comenity Capital Bank

WFCMNT 2009-VFN (3)

February 2027

CCAST 2023-VFN1 (4)

CCAST 2024-VFN1 (5)

Total

(1) 2009-VFN Conduit issued under World Financial Network Credit Card Master Note Trust (WFNMNT). In October 2025, the 2009-VFN Conduit commitment was reduced by $900 million to $1.75 billion, and the Maturity Date was extended to October 2026.

(2) 2009-VFC1 Conduit issued under World Financial Network Credit Card Master Trust III (WFNMT) was retired following controlled amortization, meaning the period in which principal collections are accumulated to pay down the outstanding principal amount of the notes issued under the Conduit Facility, in June 2025 pursuant to the termination, consent and waiver agreement.

(3) 2009-VFN Conduit issued under World Financial Capital Master Note Trust (WFCMNT). In February 2025, the 2009-VFN Conduit commitment was reduced by $250 million to $2 billion, and the Maturity Date was extended to February 2026. Then in December 2025, the Maturity Date of the 2009-VFN Conduit was further extended to February 2027.

(4) 2023-VFN1 Conduit issued under Comenity Capital Asset Securitization Trust (CCAST). The purchase commitment expired on September 29, 2025 and the 2023-VFN1 Conduit was retired on October 1, 2025 pursuant to the termination, consent and waiver agreement.

(5) 2024-VFN1 Conduit issued under CCAST was retired in February 2025 pursuant to the termination, consent and waiver agreement.

(6) Amounts drawn do not include $1.1 billion of debt in the form of subordinated notes issued by WFNMNT and WFCMNT as of December 31, 2024, which were not sold, but were retained by us as credit enhancements and therefore have been eliminated from the Total. The credit enhancements represented by subordinated notes issued by WFCMNT and WFNMNT were replaced with excess collateral amounts in February 2025 and October 2025, respectively, as defined in the relevant indenture supplements.

(7) Maturity Date with respect to conduit borrowings means the date on which the revolving period for the applicable Conduit Facility expires. The revolving period may be extended or renewed (unless an early amortization event occurs prior to the Maturity Date). Absent the extension or renewal of the revolving period, the Conduit Facility shall enter controlled amortization on the Maturity Date and may no longer be drawn upon.

As of December 31, 2025, we had approximately $10.7 billion of securitized credit card loans. Securitizations require credit enhancements in the form of cash, spread deposits, additional loans and/or subordinated classes. The credit enhancement is principally based on the outstanding balances of the series issued by the Trusts and by the performance of the credit card loans in the Trusts.

Early amortization events as defined within each asset-backed securitization transaction are generally driven by asset performance. We do not believe it is reasonably likely that an early amortization event will occur due to asset performance. However, if an early amortization event were declared for a Trust, the trustee of the particular Trust would retain the interest in the loans along with the excess spread that would otherwise be paid to our Bank subsidiary until the investors were fully repaid. The occurrence of an early amortization event would significantly limit or negate our ability to securitize additional credit card loans.

We have secured and continue to secure the necessary commitments to fund our credit card and other loans. However, certain of these commitments are short-term in nature and subject to renewal. There is no guarantee that these funding sources, when they mature, will be renewed on similar terms, or at all, as they are dependent on the availability of the asset-backed securitization and deposit markets at the time.

Regulation RR (Credit Risk Retention) adopted by the FDIC, the SEC, the FRB and certain other federal regulators mandates a minimum five percent risk retention requirement for securitizations. Such risk retention requirements may limit our liquidity by restricting the amount of asset-backed securities we are able to issue or affecting the timing of future

Tabl e of Contents

issuances of asset-backed securities. We satisfy such risk retention requirements by maintaining a seller’s interest calculated in accordance with Regulation RR.

Equity

Preferred Stock

In November 2025, we authorized and issued 75,000 shares of preferred stock as depositary shares (the Depositary Shares) for gross proceeds of $75 million, with each Depositary Share representing a 1/40th interest in our Series A 8.625% Non-Cumulative Perpetual Preferred Stock, par value $0.01 per share (the Series A Preferred Stock). The Series A Preferred Stock has a liquidation preference of $25 per Depositary Share (equivalent to $1,000 per share of Series A Preferred Stock) and as of December 31, 2025, the aggregate liquidation value was $75 million. We used the net proceeds of the offering to enter into a preferred stock transaction with one of our subsidiary banks, CCB, pursuant to which CCB issued preferred stock to Parent Company on terms substantially the same as those of the Series A Preferred Stock. The CCB preferred stock is eliminated in consolidation.

We will pay dividends on the Series A Preferred Stock quarterly in arrears, when, as, and if declared by our Board of Directors, and to the extent that we have lawfully available funds to pay such dividends, on March 15, June 15, September 15, and December 15 of each year. We expect to pay dividends on our Series A Preferred Stock beginning on March 15, 2026, subject to the above referenced conditions. We may redeem the Series A Preferred Stock at our option, subject to any regulatory approval requirements as are in effect at such time, (i) in whole or in part, on any dividend payment date on or after December 15, 2030 or (ii) in whole but not in part, at any time within 90 days following a regulatory capital treatment event, in either case at a redemption price equal to $1,000 per share (equivalent to $25 per Depositary Share), plus any declared and unpaid dividends. In the event we liquidate, dissolve or wind-up our business and affairs, either voluntarily or involuntarily, as noted above holders of the Series A Preferred Stock are entitled to a liquidation preference of $25 per Depositary Share, plus any declared and unpaid dividends, before we make any distribution of assets to the holders of our common stock. Holders of the Depositary Shares are entitled to all proportional rights and preferences of the Series A Preferred Stock (including dividend, voting, redemption and liquidation rights).

Stock Repurchase Programs

Periodically, we enter into stock repurchase programs, as approved by our Board of Directors. The rationale for our repurchase programs, and the amounts thereof, is to execute against our previously disclosed capital priorities to grow responsibly, maintain balance sheet strength, and return value to stockholders.

The following table provides information about our common stock repurchases under our various Board of Directors approved share repurchase authorizations, for the periods presented:

Table 11: Authorized Share Repurchases

(Millions)

Amount Authorized for Repurchase

Number of Shares Repurchased (1)

Approximate Dollar Value of Shares Repurchased (2)

Amount Remaining for Future Repurchases

For the three months ended:

March 31, 2025

June 30, 2025

September 30, 2025

December 31, 2025

Total

(1) Following their repurchase, these shares ceased to be outstanding shares of common stock and are now treated as authorized but unissued shares of common stock.

(2) Excludes excise taxes on stock repurchases.

Tabl e of Contents

Dividends

The table below summarizes the cash dividend activity we had on our common stock for the dates presented:

Table 12: Dividends

(Millions, except per share amounts)

Dividend Declaration Date

Dividend Payment Date

Amount Per Common Share

Amount (1)

January 30, 2025

March 21, 2025

April 24, 2025

June 13, 2025

July 24, 2025

September 12, 2025

October 23, 2025

December 12, 2025

(1) Excludes dividend equivalent rights paid during the period.

No cash dividends were declared or paid on our preferred stock during 2025.

On January 29, 2026, our Board of Directors declared a quarterly cash dividend of $26.35 per share on our preferred stock and $0.23 per share on our common stock, payable on March 16, 2026, to stockholders of record at the close of business on February 27, 2026.

Contractual Obligations

In the normal course of business, we enter into various contractual obligations that may require future cash payments, the vast majority of which relate to deposits, debt issued by consolidated VIEs, long-term and other debt and operating contracts and leases.

We believe that we will have access to sufficient resources to meet these commitments.

Cash Flows

The table below summarizes our cash flow activity for the periods indicated, followed by a discussion of the variance drivers impacting our Operating, Investing and Financing activities:

Table 13: Cash Flows

(Millions)

Total cash provided by (used in):

Operating activities

Investing activities

Financing activities

Net (decrease) increase in cash, cash equivalents and restricted cash

Cash Flows from Operating Activities primarily include Net income adjusted for (i) non-cash items included in Net income, such as Provision for credit losses, Depreciation and amortization, deferred taxes and other non-cash items, and (ii) changes in the balances of operating assets and liabilities, which can fluctuate in the normal course of business due to the amount and timing of payments. We generated Cash flows from operating activities of $2.1 billion and $1.9 billion for the years ended December 31, 2025 and 2024, respectively. The net cash provided by operating activities during these periods was primarily driven by cash generated from Net income, after adjusting for the Provision for credit losses and Loss on debt extinguishment.

Cash Flows from Investing Activities primarily include changes in Credit card and other loans. Cash used in investing activities was $1.4 billion and $1.2 billion for the years ended December 31, 2025 and 2024, respectively. For the years

Tabl e of Contents

ended December 31, 2025 and 2024, the net cash used in investing activities was primarily due to Net principal losses, and for the year ended December 31, 2024, the purchase of a credit card loan portfolio, partially offset by the paydown of Credit card and other loans and the sale of a credit card loan portfolio.

Cash Flows from Financing Activities primarily include changes in deposits and long-term debt. Cash used in financing activities was $807 million and $592 million for the years ended December 31, 2025 and 2024, respectively. For the year ended December 31, 2025, the net cash used in financing activities was primarily driven by net repayments of both debt issued by consolidated variable interest entities (i.e., securitizations) and of unsecured borrowings, as well as repurchases of common stock, partially offset by a net increase in deposits. For the year ended December 31, 2024, the net cash used in financing activities was primarily driven by net repayments of unsecured borrowings, including our repurchased Convertible Notes, and a net decrease in wholesale deposits, partially offset by the net borrowings of debt issued by consolidated variable interest entities.

INFLATION AND SEASONALITY

Although we cannot precisely determine the impact of inflation on our operations, we have generally sought to rely on operating efficiencies from scale, technology modernization and digital advancement along with other operational excellence initiatives, as well as expansion in lower cost jurisdictions to offset increased costs of employee compensation and other operating expenses impacted by inflation. We also recognize that a customer’s ability and willingness to repay us has been negatively impacted by factors such as recent inflation and higher interest rates, and any persistent effects therefrom, which may result in higher delinquencies and increased credit losses, as reflected in our elevated Reserve rate. If the efforts to control inflation in the U.S. and globally are not successful and inflationary pressures continue to persist, including due to changes to, or the imposition of, tariffs and/or trade barriers, they could further increase repayment pressure on consumers as well as the risk of a recessionary environment or stagflation which may adversely impact our business, results of operations and financial condition.

With respect to seasonality, our revenues, earnings and cash flows are affected by increased consumer spending patterns leading up to and including the holiday shopping season in the fourth quarter of each year and, to a lesser extent, during the first quarter of each year as Credit card and other loans are paid down. Net principal loss rates for our Credit card and other loans portfolio also have historically exhibited seasonal patterns and generally tend to be the highest in the first quarter of the year and lowest in the third quarter. While the effects of the seasonal trends discussed above remain evident, macroeconomic trends, such as those discussed within the Business Environment sections of our quarterly and annual reports on Forms 10-Q and Form 10-K generally have a more significant impact on our key financial metrics and can outweigh any seasonal impacts that we may experience.

LEGISLATIVE, REGULATORY MATTERS AND CAPITAL ADEQUACY

Our business is subject to extensive federal and state laws and regulations, as well as related regulation and supervision, including by the FDIC, CFPB and other federal and state authorities. Pending and future laws and regulations (federal and state) may adversely impact our business. Without limiting the foregoing, CB is subject to various regulatory capital requirements administered by the Delaware Office of the State Bank Commissioner and the FDIC. CCB is also subject to various regulatory capital requirements administered by the Utah Department of Financial Institutions and the FDIC. Failure to meet minimum capital requirements can trigger certain mandatory and possibly additional discretionary actions by our regulators. Under capital adequacy guidelines and the regulatory framework for prompt corrective action, both Banks must meet specific capital guidelines that involve quantitative measures of their assets and liabilities as calculated under regulatory accounting practices. The capital amounts and classification are also subject to qualitative judgments by these regulators about components, risk weightings and other factors. In addition, both Banks are limited in the amounts they can pay as dividends to the Parent Company. For additional information about legislative and regulatory matters impacting us, see “Business–Supervision and Regulation” under Part I of this Annual Report on Form 10-K, as well as “Management’s Discussion and Analysis of Financial Condition and Results of Operations (MD&A) — Business Environment” and “Risk Factors — Legal, Regulatory and Compliance Risks.”

Quantitative measures, established by regulations to ensure capital adequacy, require the Banks to maintain minimum amounts and ratios of Tier 1 capital to average assets, and Common equity tier 1, Tier 1 capital and Total capital, each to risk weighted assets. Failure to meet these minimum capital requirements can result in certain mandatory, and possibly additional discretionary actions by the Banks’ regulators that if undertaken, could have a direct material effect on CB’s and/or CCB’s operating activities, as well as our operating activities. Based on these regulations, as of December 31, 2025 and 2024, each Bank met all capital requirements to which it was subject, and maintained capital ratios in excess of the

Tabl e of Contents

minimums required to qualify as well capitalized. The Banks seek to maintain capital levels and ratios in excess of the minimum regulatory requirements inclusive of the 2.5% Capital Conservation Buffer. Although Bread Financial is not a bank holding company as defined under the Bank Holding Company Act, we seek to maintain capital levels and ratios in excess of the minimums required for bank holding companies.

The Banks adopted the option provided by the interim final rule issued by joint federal bank regulatory agencies, which largely delayed the effects of the CECL model on their regulatory capital for two years, until January 1, 2022, after which the effects were phased-in over a three-year period through December 31, 2024. Under the interim final rule, the amount of adjustments to regulatory capital deferred until the phase-in period included both the initial impact of our adoption of CECL as of January 1, 2020, and 25% of subsequent changes in our Allowance for credit losses during each quarter of the two-year period ended December 31, 2021. In accordance with the interim final rule, we began to ratably phase-in these effects on January 1, 2022, and as of January 1, 2025 had fully phased-in all such effects.

On December 17, 2025, we filed applications with the federal and respective state banking regulators for permission to merge CB with and into CCB, with CCB being the surviving entity. Pending regulatory approval and the expiration of any applicable waiting periods, the merger of CB and CCB is expected to occur in the second half of 2026. The merger is not expected to have a significant impact on our consolidated financial position, results of operations, or liquidity. For additional discussion, refer to “Part I, Item 1. Business — Supervision and Regulation — Planned Merger of CB with and into CCB.”

The following table provides the actual capital ratios and minimum ratios for the Company, as well as each Bank, as of December 31:

Table 14: Capital Ratios

Ratio/Dollar Value

Minimum Ratio for

Capital Adequacy

Purposes *

Minimum Ratio to be

Well Capitalized under

Prompt Corrective

Action Provisions

(Millions, except percentages)

Total Company

Common equity tier 1 capital ratio (1)

Tier 1 capital ratio (2)

Total risk-based capital ratio (3)

Tier 1 leverage capital ratio (4)

Total risk-weighted assets (5)

Comenity Bank

Common equity tier 1 capital ratio (1)

Tier 1 capital ratio (2)

Total risk-based capital ratio (3)

Tier 1 leverage capital ratio (4)

Comenity Capital Bank

Common equity tier 1 capital ratio (1)

Tier 1 capital ratio (2)

Total risk-based capital ratio (3)

Tier 1 leverage capital ratio (4)

* The listed capital adequacy ratios exclude the Capital Conservation Buffer.

(1) Common equity tier 1 capital ratio represents tier 1 capital reduced by Preferred stock divided by total risk-weighted assets. In the calculation of tier 1 capital, we follow the Basel III Standardized Approach and therefore Total

Tabl e of Contents

stockholders’ equity has been reduced by Goodwill and intangible assets, net. See below for a reconciliation of our Total stockholders’ equity under GAAP to tier 1 and tier 2 capital under the Basel III Standardized Approach.

(2) Tier 1 capital ratio represents tier 1 capital divided by total risk-weighted assets. In the calculation of tier 1 capital, we follow the Basel III Standardized Approach and therefore Total stockholders’ equity has been reduced, primarily by Goodwill and intangible assets, net. For us, tier 1 capital is primarily comprised of CET1 capital and Preferred stock. See below for a reconciliation of our Total stockholders’ equity under GAAP to tier 1 and tier 2 capital under the Basel III Standardized Approach.

(3) Total risk-based capital ratio represents total capital divided by total risk-weighted assets. In the calculation of total capital, we follow the Basel III Standardized Approach and therefore tier 1 capital has been increased by tier 2 capital, which for us is comprised of subordinated notes, as well as the allowable portion of the Allowance for credit losses. See below for a reconciliation of our Total stockholders’ equity under GAAP to tier 1 and tier 2 capital under the Basel III Standardized Approach.

(4) Tier 1 leverage capital ratio represents tier 1 capital divided by total average assets, after certain adjustments.

(5) Total risk-weighted assets are generally measured by allocating assets, and specified off-balance sheet exposures, to various risk categories as defined by the Basel III Standardized Approach.

The following table provides a reconciliation of our Total stockholders’ equity under GAAP to Basel III Standardized Approach Common equity tier 1 capital, Tier 1 capital, Tier 2 capital and Total capital, as of December 31 :

Table 15: Capital Reconciliations

(Millions)

Total stockholders’ equity

Less:

Preferred stock

Total common stockholders’ equity

Less:

Goodwill (1)

Other intangible assets

Other

Common equity tier 1 capital

Add:

Preferred stock

Tier 1 capital

Subordinated notes

Qualifying allowance for credit losses (2)

Tier 2 capital

Total capital

(1) Goodwill, net of the related $41 million deferred tax liability.

(2) Represents the allowable portion of the Allowance for credit losses, which is a maximum of 1.25% of RWA.

Tabl e of Contents

The following table provides the changes in our Basel III Standardized Approach Common equity tier 1 capital, Tier 1 capital and Tier 2 capital as of December 31:

Table 16: Capital Rollforwards

(Millions)

Common equity tier 1 capital beginning balance

Net income available to common stockholders

Dividends declared on common stock

Repurchases of common stock

CECL phase-in adjustment

Changes in additional paid-in capital

Changes in intangible assets

Other

Common equity tier 1 capital

Additional Tier 1 capital beginning balance

Change in preferred stock

Tier 1 capital

Tier 2 capital beginning balance

Change in subordinated notes

Change in qualifying allowance for credit losses

Tier 2 capital

Total capital

Further information about each Bank’s capital components and calculations can be found in each Bank’s Consolidated Reports of Condition and Income Form FFIEC 041 (Call Reports) as filed with the FDIC.

We are also involved, from time to time, in reviews, investigations, subpoenas, supervisory actions and other proceedings (both formal and informal) by governmental agencies regarding our business, which could subject us to significant fines, penalties, obligations to change our business practices, significant restrictions on our existing business or ability to develop new business, cease-and-desist orders, safety-and-soundness directives or other requirements resulting in increased expenses, diminished income and damage to our reputation.

In November 2023 following the consent of the Board of Managers of Comenity Servicing LLC (the Servicer), the FDIC issued a consent order to the Servicer. The Servicer is not one of our Bank subsidiaries, but is our wholly-owned subsidiary that services substantially all of our loans. The consent order arose out of the June 2022 transition of our credit card processing services to strategic outsourcing partners and addresses certain shortcomings in the Servicer’s information technology (IT) systems development, project management, business continuity management, cloud operations, and third-party oversight. The Servicer entered into the consent order for the purpose of resolving these matters without admitting or denying any violations of law or regulation set forth in the order. The consent order does not contain any monetary penalties or fines.

The Servicer continues to take significant steps to strengthen the organization’s IT governance and address the other issues identified in the consent order, working diligently to ensure that all requirements of the consent order are satisfied. Without limiting the generality of the foregoing, the Servicer has taken steps to address each provision within the consent order and continues to comply with each ongoing requirement. The Servicer is committed to complying with the longer-term requirements of the consent order, including the enhancement of its compliance management processes and related corporate governance, compliance with the applicable system conversion requirements, and enhanced risk management and reporting. The Servicer has submitted all required deliverables under the consent order to the FDIC for its review and consideration. The Board of Managers of the Servicer continues to oversee its compliance with the requirements of the

Tabl e of Contents

consent order and provide effective challenge to the Servicer’s management toward that end. The Board of Directors of each of the Banks also receives reporting about the Servicer and monitors the Servicer’s compliance with the provisions of the consent order.

CRITICAL ACCOUNTING POLICIES AND ESTIMATES

Our discussion and analysis of our results of operations and overall financial condition is based upon our audited Consolidated Financial Statements, which have been prepared in accordance with the accounting policies described in Note 1, “Description of Business, Basis of Presentation and Significant Accounting Policies” to our audited Consolidated Financial Statements included as part of this Annual Report on Form 10-K. The preparation of the audited Consolidated Financial Statements requires management to make estimates and judgments that affect the reported amounts of assets, liabilities, revenues and expenses, and related disclosure of contingent assets and liabilities. We continually evaluate our estimates and judgments in determination of our financial position and operating results. Estimates are based on information available as of the date of the audited Consolidated Financial Statements and, accordingly, actual results could differ from these estimates, sometimes materially. Critical accounting estimates are defined as those that are both most important to the portrayal of our financial position and operating results, and require management’s most subjective judgments, which for us is our Allowance for credit losses and Goodwill impairment.

Allowance for Credit Losses

The Allowance for credit losses represents our estimate of expected credit losses over the estimated life of our Credit card and other loans, incorporating future macroeconomic forecasts in addition to information about past events and current conditions. Our estimate under the CECL approach involves significant judgments from a modeling and forecasting perspective, and is significantly influenced by the composition, characteristics and quality of our Credit card and other loans portfolio, as well as the prevailing economic conditions and forecasts utilized.

In estimating our Allowance for credit losses, for each identified segment of loans sharing similar risk characteristics, management uses modeling and estimation techniques that leverage historical data and behavioral relationships, together with third-party projections of certain macroeconomic variables, to estimate expected credit losses based on historical correlation of realized losses to macroeconomic conditions. We consider the macroeconomic forecast used to be reasonable and supportable over the estimated life of the Credit card and other loans portfolio, with no reversion period. Since our implementation of the CECL guidance, we have maintained a consistent approach to modeling the life of loan losses in establishing our Allowance for credit losses.

In addition to the quantitative estimate of expected credit losses, we also incorporate qualitative adjustments to the modeled output in order to address risks not inherently captured by that modeled output, such as Company-specific risks, changes in current macroeconomic conditions, or other relevant factors to ensure the Allowance for credit losses reflects our best estimate of current expected credit losses.

If we used different assumptions in estimating our current expected credit losses, the impact on the Allowance for credit losses could have a material effect on our consolidated financial position and results of operations. For example, a 100 basis point increase in the Allowance for credit losses as a percentage of the amortized cost of our Credit card and other loans could have resulted in a change of approximately $184 million in the Allowance for credit losses as of December 31, 2025, with a corresponding change in the Provision for credit losses.

Goodwill Impairment

Goodwill is recognized for business acquisitions when the purchase price is higher than the fair value of acquired net assets. As required by GAAP, goodwill is not amortized but is tested for impairment at least annually or when events or circumstances arise that would more likely than not reduce the fair value of our single reporting unit below its carrying value.

We have the option to first assess qualitative factors to determine whether it is more likely than not that the fair value of our reporting unit is less than its carrying value. Alternatively, we can perform a more detailed quantitative assessment of goodwill impairment. Qualitative factors considered in evaluating goodwill impairment include macroeconomic conditions, industry and market considerations, our overall financial performance and other relevant entity-specific factors, and/or a sustained decrease in our share price. If, after assessing these qualitative factors we conclude that it is not more likely than not that the fair value of our reporting unit is less than its carrying amount, then the quantitative goodwill impairment test is

Tabl e of Contents

not necessary. However, if the qualitative factors indicate it is more likely than not that the fair value of our reporting unit is less than its carrying amount, or we elect to skip the qualitative assessment, we would perform a quantitative impairment test.

We apply significant judgment when testing goodwill for impairment, especially when performing the quantitative test where we perform a valuation of our reporting unit leveraging a combination of the income approach based on discounted cash flows and the market approach based on valuation multiples. The key assumptions used to determine the fair value are primarily unobservable inputs (i.e., Level 3 inputs as defined under GAAP) including internally developed forecasts to estimate future cash flows, growth rates and discount rates, as well as market valuation multiples (for the market approach). Estimated cash flows are based on internal forecasts grounded in historical performance and future expectations. To discount the estimated cash flows, we use the expected cost of equity taking into account a combination of industry and Company-specific factors we believe a third-party market participant would incorporate. We believe the discount rate applied appropriately reflects the risks and uncertainties in the financial markets generally and specifically in our internally developed forecasts. When using valuation multiples under the market approach, we apply comparable publicly traded companies’ multiples (e.g., price to tangible book value or return on tangible equity) to our reporting unit’s operating results.

Given the inherent uncertainty in the judgments involved, we could be exposed to goodwill impairment as a result of adverse impacts from various factors including regulatory or legislative changes, or if future macroeconomic conditions or future operating results differ significantly from our current assumptions.

In connection with our annual goodwill impairment evaluation for the year ended December 31, 2025, we performed a qualitative assessment and determined that it was not more likely than not that the fair value of our reporting unit was less than its carrying amount. See Note 6, “Goodwill and Intangible Assets, Net ” to our audited Consolidated Financial Statements for additional information.

RECENTLY ADOPTED AND RECENTLY ISSUED ACCOUNTING STANDARDS

See “Recently Adopted and Recently Issued Accounting Standards” in Note 1, “Description of Business, Basis of Presentation and Significant Accounting Policies” to the audited Consolidated Financial Statements.